In 2017, The State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. With that in mind, I think it’s time for an updated list.
Here are 14 essential bug bounty programs for 2019.
Minimum Payout: No predetermined amount
Maximum Payout: $200,000
First launched in September 2016, Apple’s bug bounty program originally welcomed just two dozen security researchers who had previously reported vulnerabilities they had found in the tech giant’s software. The framework has presumably expanded since then to include additional bug bounty hunters. Without a public website, however, it’s difficult to ascertain any details about the program, including which ethical hackers have claimed bounties.
Ivan Krstic of Apple's Security Engineering and Architecture group announced the bug bounty program at Black Hat USA 2016. According to him, his employer will pay $25,000 for flaws that could allow an actor to gain access from a sandboxed process to outside user data. Meanwhile, it will hand over $100,000 to those who can extract data protected by Apple’s Secure Enclave technology. The highest bounty comes in at $200,000 for security issues affecting its firmware.
As reported by Motherboard, security researchers are now sharing iOS vulnerabilities with Apple, and the tech giant is rewarding these individuals with bounties for their findings.
Minimum Payout: Various
Maximum Payout: Various
European Parliament member Julia Reda announced that the European Commission would be launching 14 out of a total of 15 bug bounty programs in January 2019. Those bug bounties are for free and open-source software projects on which various institutions of the European Union rely. Anyone is welcome to participate by submitting bugs and vulnerabilities they find to the involved
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/essential-bug-bounty-programs/