We recently contributed to the Department of Commerce’s request for public comment on its “Green Paper” with Rapid7, Duo Security, Electronic Frontier Foundation, Center for Democracy & Technology, Global Cyber Alliance and many others that we hope will bolster a more transparent approach to securing the Internet of Things.
Last week we announced the categories for our 2nd Annual Buggy Awards which will award a select group of individuals and organizations in the bug bounty space. Today we’re pleased to announce the finalists in these categories in anticipation of the awards ceremony next week.
These finalists represent just a handful of organizations and individuals that make this economy so vibrant and we are thankful to the entire bug bounty community.
We are pleased to announce the categories for this year’s Buggy Awards. These awards represent a select group of individuals and organizations who have done fantastic work in the bug bounty space in the past year.
These awards highlight the achievements of top performing customers and researchers and serve as a reminder about what is essential to maintaining the health of the community as a whole.
Yesterday a vulnerability in Cloudflare CDN and DDoS prevention service was disclosed by Google's Project Zero. The blog post stated that an HTML parser for specific Cloudflare features was vulnerable to leaking sensitive information of other Cloudflare customers.
Over the last few months, we've been challenging our crowd to submit bugs against some of our most challenging targets – thick client applications.
It goes without saying that it has been a HUGE year for appsec. We’ve seen yet another record breaking year of breaches, we had the largest breach in recorded history–Yahoo–, and we also witnessed the largest DDoS attack as far as we know at 1.2TB–Mirai.
Throughout June, July and August 2016, we ran a researcher promotion focused on mobile targets and we are thrilled today to finally be able to announce the winners: