Binance, one of the world’s biggest cryptocurrency exchanges by trading volume, has offered a reward equivalent to $ 250,000 to anyone providing information that leads to the arrest of hackers who attacked the platform last week.
Read more in my article on the Hot for Security blog.
If you had a zero-day vulnerability for remotely hacking an iPhone who would you tell? The people who will give you $ 1.5 million dollars or the company that can protect every iOS user in the world?
The Verge writes:
Apple is planning a new bug bounty program that will offer cash in exchange for undiscovered vulnerabilities in its products, the company announced onstage at the Black Hat conference today. Launching in September, the program will offer cash rewards for working exploits that target the latest version of iOS or the most recent generation of hardware. It’s the first time Apple has explicitly offered cash in exchange for those vulnerabilities, although the company has long maintained a tip line for disclosing security issues.
Ivan Krstic, Apple’s head of security engineering and architecture, made the announcement during a presentation at Black Hat on Thursday.
The top reward comes for finding flaws in vulnerabilities in Apple’s “secure boot” process, which if broken could seriously compromise security.
As Hacker News reports, for now Apple’s bug bounty program is invite-only – meaning that the only people likely to be ushered in are those who have a track record in finding exploitable flaws in the company’s code. Hopefully things will loosen up over time, and from the sound of things they are open to adding others who come forward after finding critical vulnerabilities in key areas.
Frankly, an Apple bug bounty is long overdue.
Apple was looking incongruous in not offering a reward for security researchers who uncovered critical vulnerabilities in its products. After all, if you were a vendor you would rather have those who find security vulnerabilities in your products work with you rather than selling off their exploits to a third-party, wouldn’t you?
With a bug bounty in place, serious exploitable vulnerabilities are more likely to be responsibly disclosed to Apple, and users are more likely to be protected in a timely fashion.
Good.
What could Microsoft CEO Satya Nadella have done in just 10 months to convince shareholders he’s worth the $ 84 million pay package they approved earlier this month?
Quite a bit, it turns out, but it remains to be seen how his actions will pan out for the company over time, and in fact that long view was taken into account in his compensation bundle. It doesn’t allow some hefty stock grants to vest fully until 2021, and how much he ultimately gets is linked to how well Microsoft fares over that time vs other big corporations on the S&P 500.
+ Also on Network World: Nadella wins over Gartner crowd | CEO Nadella issues manifesto to shake up Microsoft +
To read this article in full or to leave a comment, please click here