In recent weeks, Google has once again stepped up to theplate of information security by demonstrating that they are a responsiblesoftware vendor. First, the company dramatically increased their bounty onvulnerability discovery, incentivizing white-hat hackers to discover black-boxissues within their entire suite of products. Next, Google took a strong standtoward information security awareness, reminding customers to maintain arelatively complex personal password policy for all online services.
Microsoft was not far behind, initiating a bug bountyprogram with substantial payouts – up to $100,000 per discovery – fordiscovering vulnerabilities across all layers of their product stack includingcore security services, OS and browser, and individual applications. Unlikeprevious “BlueHat” programs, this appears to be a perpetual offering, and willinclude both production and beta-release software to help ensure that softwaregoes gold with minimal security vulnerabilities.
]]>
No comments:
Post a Comment