Welcome to the this week’s Quotes of the Week: Bug Bounties might not be that useful, Cash registers using the same password since 1990 and more.
Bug Bounties Might Not be That Useful After All
“The researchers found that paying security specialists, whether with kudos or cash, does work, but primarily by finding and removing from the vulnerability pool the low-hanging fruit of software security—the easy-to-find bugs.”
Research undertaken by economics and policy researchers at the Massachusetts Institute of Technology, Harvard University, Facebook and vulnerability-management service provider HackerOne have found that paying security specialists, does work, but the researchers tend to only find and report the easiest to find bugs rather than the the more difficult bugs. Using a type of analysis known as system dynamics modeling, the researchers studied the incentives for each of the people or parties involved in the software development and vulnerability mitigation processes. The research also suggested that paying security specialists to create tools to find classes of vulnerabilities had a more significant impact on software security in the model. Read More Here.
Bug in IoS Apps
“At least 20,000 apps use AFNetworking, which is a bit of open source code.”
The bug in iOS apps was discovered recently. It affects up to 20,000 apps but it’s believed that only about 1,000 apps are vulnerable to attack by hackers. You can check what apps are vulnerable by consulting this list here. Read More Here.
Microsoft expands its Bug Bounty Programme
“If issues are identified that meet the eligibility requirements, the finder can be rewarded for their work that helps makes Azure a more secure platform for all.”
Microsoft are expanding the Bug Bounty programme to include Microsoft Azure (it’s cloud platform) and Office Sway. Both have been added to it’s Online Services Bug Bounty Programme. As well as that Project Spartan which will be Internet Explorer’s successor in Windows 10 has also got it’s own bug bounty programme. Microsoft were a late-comer to the Bug Bounty programme but the company has paid big payouts (up to $100,000 in some cases). Read More Here.
Another Type of Testing
“The upcoming Autopilot features that will allow for 90% hands-free driving is an especially important feature that will put Tesla on par with other cutting-edge electric automakers”
Telsa, the company who have made a number of rockets for travel to the Space Station, are developing their own automatic drive car. The company have been testing it on Californian road recently. You can see some of the results in the link. Read More Here.
Cash Register Maker Used Same Passwords Since 1990
“This is the default password for one of the largest manufacturers of point of sale equipment and has been since at least 1990”
Security researcher Charles Henderson along with his collogue David Byrne have discovered that one of the largest manufactures of Point-of-Sale (PoS) Cash registers have been using the same password since 1990. What’s worse is that the practise has spread to other companies. The pair revealed their research at the recent RSA security conference in San Francisco. Read More Here.