$2.674 from Google for a solar plant in Tanzania

In January 2015, Google launched an experimental program called Vulnerability Research Grants to complement the long-running Vulnerability Reward Program, with the goal of rewarding security researchers who verify the security of Google products and services, even in the case when no vulnerabilities are found. As a regular reporter to the
How secure is Apple?

Since 2005 Apple has been listing all responsibly disclosed vulnerabilities (web application security) on a dedicated page. There are in total 435 bugs listed, reported by hundreds of individuals. In 2011 I had already written a post about vulnerabilities I found in Apple's sites. That post was called Apple XSS Gallery

SonarQube/Sonar SQL Injection

Last year I found an exploitable boolean-based / AND/OR time-based blind SQL injection vulnerability in Sonatype SonarQube >=3.4 and <3.6.1. CVSS v2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Overall Score: 9. SonarQube (formerly Sonar) is an open source platform for Continuous Inspection of code quality. This is the first public advisory of the issue. This advisory additionally includes a list of fixed and undisclosed XSS bugs in Sonar >=3.5.1. Timeline * 2013-04-31 Filed a bug in Sonar Ji

Yahoo, please start with a Vulnerability Reward Program

Yahoo Japan suspects up to 22 million user IDs may have been leaked; does not include passwords #breaking — Reuters Tech (@ReutersTech) May 17, 2013 This wouldn't happen if Yahoo had a Vulnerability Reward Program like Google, Facebook, Mozilla, PayPal, Etsy, etc. (list of reward programs @bugcrowd). Last year I discovered

XSS at Google - a total of $4600 for schools in Africa

English version Two years ago Google launched its Vulnerability Reward Program and has since been paying rewards to those who find security-relevant bugs in its web applications. In total, $704,909.50 (as of Dec. 2012) has been paid out. Although Google doubles the actual reward when it is donated, so far only $25,825 (source p. 42) has gone to charitable

News about Google's Vulnerability Reward Program

Recently Adam Mein spoke at AppSec USA 2012 and Kevin Stadmeyer at SyScan 360 in Beijing about Google's experience with the Web Vulnerability Reward Program. Both are Security Program Managers at Google. * 31 October 2011 - Bug Bounty Panel with Adam Mein at OWASP AppSec 2012 (Video, Transcript) * 13 December