Samsung Adopts Bugcrowd to Manage Mobile Security Rewards Program

Samsung Adopts Bugcrowd, Offering up to $200,000 Per Vulnerability Through Mobile Security Rewards Program 
Bug bounties are cost-efficient partial solutions to the security skills gap. In 2015, Dice reported that a Lead Software Security Engineer could cost more than $200,000 per year in salary, while an application security manager would cost more than another $150,000. 
Employing an in-house team to continuously probe products, software, firmware and all updates for security bugs rapidly becomes an expensive exercise, with — frankly — no guarantee of success. Failure to find and fix security bugs and vulnerabilities before they are exploited by criminals, however, could rapidly become even more costly.
Bug bounties help to solve this problem by tapping into the largest available market of top-class security expertise — the white hat hacker community — and paying only on results. Adequate bounties further encourage white hat hackers to follow a responsible disclosure ethos for every vulnerability they discover, provided they are confident that the vendor will uphold its part of the bargain. Third-party bounty program operators take the idea further by running the bounty scheme on the vendor’s behalf, lowering administrative cost and hassle.
The 2017 Bugcrowd State of Bug Bounty Report (PDF) “highlights not only the continued growth of the bug bounty model, but also the enterprise’s adoption of it, with three times more enterprise bug bounty programs launched in the past year than the previous three years combined.”
Now Bugcrowd affirms this statement with the announcement that from today it will manage payment processing for Samsung Electronics’ Mobile Security Rewards Program, which was launched in September 2017. “By adopting a bug bounty program covering all mobile products, Samsung is not only accessing the most powerful set of resources available, but also demonstrating [its] commitment to security. We are proud to work with such a security-centric organization to help minimize the risk to the millions of consumers using Samsung mobile devices.”
Bugcrowd currently operates the rewards programs of more than 70 different companies (not all of which offer a financial bounty), including security firms BitDefender, Centrify, NETGEAR, 1Password, Okta, Cylance and LastPass. Corporate partners include MasterClass, Fiat Chrysler, Tesla and Western Union. Samsung Electronics’ Mobile Security Rewards Program pays security researchers up to $200,000 per vulnerability, depending on its severity. 
Researchers are expected to keep details of any vulnerability confidential until a remedy is in place; in return, Samsung will provide an initial response within 48 hours and ‘make our best effort’ to release a patch within 90 days.
“Our Mobile Security Rewards Program is yet another initiative being undertaken by Samsung to further this commitment,” said Henry Lee, Senior VP of Mobile Security Technologies Group, Mobile Communications business at Samsung Electronics. “Bugcrowd helps fortify partnership with the security research community by ensuring the community receives payouts in a timely manner.”
Related: Bitdefender Offers Up to $1,500 in Public Bug Bounty Program 
Related: Google Paid Out $9 Million in Bug Bounties Since 2010 
Related: Disclosure – A Case for Bug Bounties
