
12 notable bug bounty programs launched in 2023

In May, LayerZero Labs, the team behind the leading cross-chain messaging protocol LayerZero, announced the launch of a new bug bounty program in partnership with Immunefi, the bug bounty and security services platform for Web3.

The pair called the program the “largest in the history” of the software industry, saying it demonstrates a commitment to security for the builders and users in the LayerZero ecosystem. LayerZero Labs revealed it would offer a maximum reward of $15 million for each new vulnerability found by participants who discover vulnerabilities at the highest severity level.

“Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported,” wrote Immunefi.

Third edition of The Good Catch program protects Democratic tech vendors

In June, three political tech organizations — Higher Ground Labs, Trestle Collaborative, and Zinc Collective — opened applications for the third edition of The Good Catch, a bug bounty program dedicated to Democratic tech vendors. The program ran during the 2020 and 2022 election cycles, and this cycle’s program will run up until next year’s US presidential election, Matt Hodges, executive director at Zinc Collective’s Democrat-focused political tech lab, told Axios.

Participating tech vendors create an account on Federacy, an online platform that manages bug bounty programs for organizations. Each company that signs up keeps its program private by default, meaning only vetted researchers can be invited to participate. Participating vendors can also decide to open their bug bounty programs to the entire platform. Once their programs are up and running, vendors receive reports of potentially exploitable security flaws in their systems, which they will need to verify on their own.

If requested, the program can provide vendors with general advice about how to stand up their security programs and can recommend other consultancy firms to help with more nuanced questions.


SquareX invites bug hunters to hack-test browser-based cybersecurity product

In June, endpoint security vendor SquareX announced a bug bounty program inviting hackers, security researchers, technologists, and students to hack-test its browser-based cybersecurity product and find security vulnerabilities in it before its launch.

To incentivize and reward bug hunters, SquareX offered rewards totalling up to $25,000 for successfully discovered, reported, and qualified vulnerabilities. The program spanned six weeks, from June 15, 2023, to July 27, 2023, with hunters encouraged to help battle-test and harden the product.

“We invite the global hacker community to participate in this bug bounty program and help us uncover vulnerabilities. I hope in doing so, we can launch a world-class cybersecurity product that consumers can use and be fearless online,” said Vivek Ramachandran, founder of SquareX.

Upon closure of the program, SquareX said it witnessed a strong influx of hunters, notably from India, the USA, and Germany, who launched thousands of automated scans and targeted attacks on its product. However, even with the incentives in place and the doubling of the prize money, SquareX reported that zero critical bugs were found during the process.

Swisstronik offers up to $31,000 per discovered bug

In August, Swisstronik, the layer-1 network for building regulatory-compliant dApps with enhanced data privacy, announced the launch of its first bug bounty program with rewards reaching $31,000 per bug.

Swisstronik said that participants will help the firm become a secure bridge between the traditional world, with its regulatory requirements, and the Web3 world, with its high privacy and decentralization standards. “As a result, developers can contribute to a more balanced Web3 in which KYC and other user verifications don’t result in personal data loss or reliance on centralized parties, and help boost overall blockchain adoption.”

Protect AI launches huntr AI/ML bug bounty platform

In August, Protect AI announced the launch of the “world’s first” AI and machine learning bug bounty platform, huntr. The firm said the launch enables the cultivation of a robust community of security researchers dedicated to uncovering vulnerabilities and providing remediations within AI/ML packages, libraries, frameworks, and models.


“As part of our program, it is important that all contributors receive the recognition they deserve. Once a vulnerability has been fully disclosed, acknowledged by the maintainer, and subsequently patched, we credit all contributors involved for their critical work in the process,” Protect AI said.

The platform hosts monthly contests that give researchers opportunities to showcase their skills and earn rewards. The inaugural contest on the huntr AI/ML bug bounty platform focused on Hugging Face Transformers, offering a reward of up to $50,000.

Free bug hunting program for NGOs, nonprofits expands across Europe

In July, Hack4Values announced the expansion of its free bug-hunting program for NGOs and nonprofits across Europe. First launched in France in 2022, the Hack4Values platform is an online community of ethical hackers and security researchers committed to creating a safer digital world for all NGOs and their beneficiaries.

The program offers NGOs and nonprofits a free platform audit to help identify the security risks they face, with the Hack4Values community also providing solutions to help these organizations keep their data safe from cyber threats.

Since launching, over 50 ethical hackers who have volunteered for Hack4Values have provided bug bounty programs for 10 NGOs, including Amnesty International and Action Against Hunger.

Yahoo picks Intigriti to run crowdsourced security program

In September, Yahoo announced a partnership with global crowdsourced security firm Intigriti to launch a new public bug bounty program. The program covers Europe and is open to the 75,000 ethical hackers registered on the Intigriti platform, along with anyone else who wants to take part.

Payout rates are on a scale proportional to potential impact, Yahoo and Intigriti said. Researchers can earn between $100 and $500 for low-rated vulnerabilities, up to $10,000 for high-rated flaws, and between $10,000 and $15,000 for any critical issues found. The program also offers ethical hacking teams generous cash rewards for topping the leaderboard in select Capture The Flag (CTF) competitions, a move that aims to attract top cybersecurity talent and foster collaboration among ethical hackers.


“Expanding our bug bounty program with Intigriti gives us a bigger outreach to the global ethical hacker community. We want to cater to as many people as possible and provide the best service possible to our users,” commented Arjun Govindaraju, technical principal security engineer at Yahoo.

Nearly 70 assets are in scope under the program, including Yahoo’s high-value web domains, APIs, and Search services, along with Yahoo Shopping, Yahoo Mail, and the media brands Yahoo News and Yahoo Sports.

Cryptocurrency exchange Uniswap unveils four-tier program

In September, decentralized cryptocurrency exchange Uniswap initiated a new bug bounty program featuring a four-tier severity scale: critical, high, medium, and low/informational. Uniswap said it would offer rewards of up to 2,250,000 USD Coin, depending on the severity of identified bugs and the assets at risk, according to The Crypto Times.

The program covers vulnerabilities and bugs in smart contracts deployed by Uniswap, which can be found in various GitHub repositories including the Universal Router Contract Code, Permit2 Contract Code, V3 Contract Code, and UniswapX Contract Code.

Google expands program to include generative AI security issues

In October, Google announced that it is expanding its bug bounty program to include generative AI-specific security issues. Expanding rewards to attack scenarios specific to generative AI will “incentivize research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone,” said Laurie Richardson, VP of trust and safety, and Royal Hansen, VP of privacy, safety and security engineering at Google.

The tech giant also announced it would be expanding its open-source security work to make information about AI supply chain security universally discoverable and verifiable.

Google’s engineering team posted a list of AI attack scenarios that are eligible for rewards. These include prompt attacks, training data extraction, manipulating models, adversarial perturbation, and model theft/exfiltration.
