The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.
We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed, and we’re all more secure as a result.
At Bugcrowd, we’ve long said that managed bug bounty programs allow organizations of any size or stage of security maturity to realize the benefits of a bug bounty program. This is why we’ve provided managed programs from day one and why I’m especially excited by today’s news. Today we are recruiting for a Secret customer program with a top reward of $250K.
For the first couple of weeks the program will run privately, and then it will be opened to the public so that any white-hat hacker or security researcher can participate in the bug bounty program and strengthen Dash's overall security.
Initially, the range of bounties is set at $100-$10,000, but by the time the program goes public, cyber security experts may earn as much as $15,000 for identifying significant bugs. Thanks to the funding provided by Dash Masternode Operators (MNOs) through the Dash Budget system, Dash will have one of the best funded bug bounty programs in the cryptocurrency industry, run by the leading company in the space.
In addition to the Dash Core software, other applications will be added to the bug bounty program after consultation with the Core Team. For example, the CoPay wallet may be added after launch, as well as Dash Evolution.
The Dash Bug Bounty program is a DashIncubator project managed by Jim Bursch. The program is coordinated with the Dash Core Team through Holger Schinzel, who leads quality assurance. We greatly look forward to our partnership with Bugcrowd, and providing our users with a safer, more secure network.
For too long, security has been an inhibitor for end users. In fact, in our recent survey, we found that 94% of security professionals are more concerned about getting work done than about security. Security should not limit the business; it should enable it.
At Atlassian, security is baked into the product development lifecycle. We employ an entire team of security engineers who build threat models, review code, and test our systems. Building and maintaining products that keep our customers safe is a team effort.
It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies creates opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.
Intercom, the customer messaging platform, launched its public bug bounty program today. The goal: to implement a secure development lifecycle and protect customer data. Intercom believes that the program is one of the best ways to address and stay on top of the latest cybersecurity challenges.
Today, DigitalOcean launched its public bug bounty program. Building on the success of its private program, the public program allows DigitalOcean to focus internal resources on the demands of keeping the cloud secure, while letting researchers do what they do best. DigitalOcean now has access to Bugcrowd’s full crowd of researchers for an even wider breadth of skill sets to find vulnerabilities faster.