Security news aggregator

Latest coverage for Reward

Reward-related cybersecurity coverage examines bug bounties, vulnerability disclosure incentives, and how compensation can influence reporting and risk.

160 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Reward in information security usually means compensation offered for finding and responsibly reporting a vulnerability, commonly through a bug bounty or vulnerability disclosure program. Payment may depend on severity, exploitability, affected assets, report quality, and whether the issue is previously known. Some programs also reward information that helps identify active abuse or improve defenses, but the intended activity and eligibility should be explicitly defined.

Rewards can extend defensive testing beyond an organization’s internal teams, but they require clear scope, reporting channels, response targets, and rules for handling sensitive data. Without these controls, researchers may test unauthorized systems, expose personal information in proof-of-concept material, submit duplicates or invalid findings, or dispute inconsistent decisions. Security teams should connect accepted reports to vulnerability management: validate and prioritize findings, track remediation, communicate disclosure decisions, and preserve evidence. Program metrics such as response time, remediation time, and recurring vulnerability classes can show whether incentives are improving security rather than merely increasing report volume.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 160

Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…

Bleeping Computer 10 months, 2 weeks ago

US offers $10 million bounty for info on Russian FSB hackers

The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. [...]

All Risk, No Reward: Meta's Ongoing Legal Issues in EuropeSocial media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.

Loading more headlines...