Repository of articles
News Archive
2023

Industry launches hacking policy council, legal defense fund to support security research and disclosures
SC Media / Derek B. Johnson / April 13, 2023
https://www.scmagazine.com/news/leadership/hacking-policy-council-launched-to-support-security-research-and-disclosures

Tech Companies Unveil New Hacking Policy Council, Legal Defense Fund for Researchers
Decipher / Dennis Fisher / April 13, 2023
https://duo.com/decipher/tech-companies-unveil-new-hacking-policy-council-legal-defense-fund-for-researchers

OpenAI launches bug bounty program with Bugcrowd
TechTarget / Alexander Culafi / April 12, 2023
https://www.techtarget.com/searchsecurity/news/365535122/OpenAI-launches-bug-bounty-program-with-Bugcrowd

Think ransomware gangs won't thrive this year? Think again, experts say
The Washington Post / Tim Starks / March 30, 2023
https://www.washingtonpost.com/politics/2023/03/30/think-ransomware-gangs-wont-thrive-this-year-think-again-experts-say/

2022

Katie Moussouris on where bug bounties went wrong
Security Conversations / Ryan Naraine / December 8, 2022
https://securityconversations.com/episode/katie-moussouris-on-where-bug-bounties-went-wrong/

How to build a public profile as a cybersecurity pro
CSO / Samira Sarraf / November 29, 2022
https://www.csoonline.com/article/3680390/how-to-build-a-public-profile-as-a-cybersecurity-pro.html

For cyber experts, disinformation overshadows cyberthreats in midterms
The Washington Post: Cybersecurity 202 / Tim Starks / October 31, 2022
https://www.washingtonpost.com/politics/2022/10/31/cyber-experts-disinformation-overshadows-cyberthreats-midterms/

This Hacker Is Trying to Close the Gender Pay Gap in Cybersecurity
VICE / Chloe Xiang / September 14, 2022
https://www.vice.com/en/article/xgyvza/this-hacker-is-trying-to-close-the-gender-pay-gap-in-cybersecurity

https://youtu.be/QgX_iKNbFaM

Bug Bounty Botox – Why You Need a Security Process First
InfoSecurity Magazine / Sean Michael Kerner / August 12, 2022
https://www.infosecurity-magazine.com/news/bhusa-bug-bounty-botox/

For Bug Bounties, 'Knowing is less than half the battle’
Decipher / Dennis Fisher / August 11, 2022
https://duo.com/decipher/for-bug-bounties-knowing-is-less-than-half-the-battle

As Black Hat kicks off, the US government is getting the message on hiring security talent
The Register / Iain Thomson / August 10, 2022
https://www.theregister.com/2022/08/10/us_security_hiring/

Why Bug-Bounty Programs Are Failing Everyone
Dark Reading / Ericka Chickowski / July 29, 2022
https://www.darkreading.com/black-hat/why-bug-bounty-programs-failing-everyone

Experts: California lacked safeguards for gun owner info
Associated Press / Don Thompson / July 1, 2022
https://apnews.com/article/technology-california-gun-politics-violence-government-and-3a7b488f69a0ba949923ceb382c4838a

Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
Yahoo! News / May 10, 2022
https://www.yahoo.com/lifestyle/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html

Musk's plans to make Twitter's algorithms public raises disinformation conundrum
CyberScoop / Tonya Riley / April 26, 2022
https://www.cyberscoop.com/elon-musk-twitter-algorithm-open-source-disinfomation/

Attacking rival, Google says Microsoft’s hold on government security is a problem
NBC News / Kevin Collier / March 31, 2022
https://www.nbcnews.com/tech/security/attacking-rival-google-says-microsofts-hold-government-security-proble-rcna22159

Russia may be primed to hack America’s infrastructure
Yahoo! Finance / Daniel Howley / February 24, 2022
https://finance.yahoo.com/news/russia-may-be-primied-to-hack-americas-infrastructure-182256545.html

Most cyber pros give thumbs down to the EARN IT Act
The Washington Post: Cybersecurity 202 / Joseph Marks / February 23, 2022
https://www.washingtonpost.com/politics/2022/02/23/most-cyber-pros-give-thumbs-down-earn-it-act/

Tracking cyber’s role in the Russia-Ukraine conflict
Politico / Sam Sabin / 02/14/2022
https://www.politico.com/newsletters/weekly-cybersecurity/2022/02/14/tracking-cybers-role-in-the-russia-ukraine-conflict-00008520

Senators aren't swayed by Apple's security arguments
The Washington Post: Cybersecurity 202 / Joseph Marks / February 4, 2022
https://www.washingtonpost.com/politics/2022/02/04/senators-arent-swayed-by-apple-security-arguments/

New DHS Cyber Safety Review Board will investigate major incidents
CNN / Geneva Sands and Sean Lyngaas / February 3, 2022
https://www.cnn.com/2022/02/03/politics/dhs-cybersecurity-review-board-major-incidents/index.html

Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents
TechCrunch / Carly Page / February 3, 2022
https://techcrunch.com/2022/02/03/homeland-security-cyber-safety-review-board/

Is Russia or China the biggest cyber threat? Experts are split
The Washington Post: Cybersecurity 202 / Joseph Marks / January 20, 2022
https://www.washingtonpost.com/politics/2022/01/20/is-russia-or-china-biggest-cyber-threat-experts-are-split/

Google says open source software should be more secure
The Register / Thomas Claburn / January 14, 2022
https://www.theregister.com/2022/01/14/google_says_open_source_software/

The FTC Wants Companies to Find Log4j Fast. It Won't Be So Easy
Wired / Chris Stokel-Walker / January 10, 2022
https://www.wired.co.uk/article/lo4j-ftc-vulnerability

2021

Agencies get Christmas Eve deadline to address ‘extremely concerning’ vulnerability
Federal News Network / Justin Doubleday / December 15, 2021
https://federalnewsnetwork.com/cybersecurity/2021/12/agencies-get-christmas-eve-deadline-to-address-extremely-concerning-vulnerability/

US government to offer up to $5,000 'bounty' to hackers to identify cyber vulnerabilities
CNN / Geneva Sands / December 14, 2021
https://www.cnn.com/2021/12/14/politics/dhs-bug-bounty-hackers-cyber-vulnerabilities/index.html

A Log4J Vulnerability Has Set the Internet 'On Fire'
Wired Magazine / Lily Hay Newman / December 10, 2021
https://www.wired.com/story/log4j-flaw-hacking-internet/

Vast majority of our Network cyber experts favor mandates to report hacks
The Washington Post: Cybersecurity 202 / Joseph Marks / December 6, 2021
https://www.washingtonpost.com/politics/2021/12/06/vast-majority-our-network-cyber-experts-favor-mandates-report-hacks/

The Matrix Is the Best Hacker Movie
Wired Magazine / Andy Greenberg / December 1, 2021
https://www.wired.com/story/matrix-best-hacker-movie/

Q&A: Ciaran Martin
InfoSecurity Magazine / Eleanor Dallaway / November 25, 2021
https://www.infosecurity-magazine.com/interviews/qa-ciaran-martin/

NIST workshop provides clues to upcoming software supply chain security guidelines
CSO Magazine / Cynthia Brumfield / November 23, 2021
https://www.csoonline.com/article/3641888/nist-workshop-provides-clues-to-upcoming-software-supply-chain-security-guidelines.html

Reporter who notified Missouri officials of website flaw did 'nothing out of line,' emails show
StateScoop / Benjamin Freed / October 27, 2021
https://statescoop.com/missouri-parson-reporter-did-nothing-wrong/

The U.S. cyber workforce gap is getting bigger
The Washington Post / Cybersecurity 202 / Joseph Marks / October 26, 2021
https://www.washingtonpost.com/politics/2021/10/26/us-cyber-workforce-gap-is-getting-bigger/

Announcing the 2021 CyberScoop 50 awards winners
CyberScoop / Staff / October 18, 2021
https://www.cyberscoop.com/announcing-2021-cyberscoop-50-award-winners/

Missouri governor accuses newspaper of 'hacking' state website
StateScoop / Benjamin Freed / October 14, 2021
https://statescoop.com/missouri-parson-accuses-newspaper-hacking/

Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs
The Register / Simon Sharwood / October 11, 2021
https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/

Apple admits iOS 15 has unpatched iPhone security flaws
BGR / Yoni Heisler / September 28, 2021
https://bgr.com/tech/apple-admits-ios-15-has-unpatched-iphone-security-flaws/

Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
VICE / Lorenzo Franceschi-Bicchierai / September 27, 2021
https://www.vice.com/en/article/g5gan4/apple-still-investigating-unpatched-and-public-iphone-vulnerabilities

An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan
Forbes / Thomas Brewster / September 17, 2021
https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/?sh=10cc480e7009

It's not just you: Emergency software patches are on the rise
NBC News / Kevin Collier / September 14, 2021
https://www.nbcnews.com/news/amp/rcna2012

'Zero-day' hacks, like the one that forced Apple’s emergency update, are on the rise
Yahoo! News / Kevin Collier / September 14, 2021
https://news.yahoo.com/not-just-emergency-software-patches-210914306.html

Apple's bug bounty program is coming under criticism - here's why
MSN / Mayank Sharma / September 10, 2021
https://www.msn.com/en-us/news/technology/apples-bug-bounty-program-is-coming-under-criticism-heres-why/ar-AAOixSp

Infosec researchers say Apple’s bug-bounty program needs work
Ars Technica / Jim Salter / September 9, 2021
https://arstechnica.com/information-technology/2021/09/infosec-researchers-say-apples-bug-bounty-program-needs-work/

Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.
The Washington Post / Reed Albergotti / September 9, 2021
https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/

'Drive It Like You Stole It: When Bug Bounties Went Boom, Part Three
Decipher / Dennis Fisher / September 1, 2021
https://duo.com/decipher/you-got-to-drive-it-like-you-stole-it-when-bug-bounties-went-boom-part-three

Uprising in the Valley: When Bug Bounties Went Boom, Part Two
Decipher / Dennis Fisher / August 31, 2021
https://duo.com/decipher/uprising-in-the-valley-when-bug-bounties-went-boom-part-two

Lawyers, Bugs, and Money: When Bug Bounties Went Boom
Decipher / Dennis Fisher / August 30, 2021
https://duo.com/decipher/lawyers-bugs-and-money-when-bug-bounties-went-boom

As Fortinet spars with Rapid7, what can everyone else learn about disclosure?
SC Media / Joe Uchill / August 18, 2021
https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills
The Register / Thomas Claburn / August 17, 2021
https://www.theregister.com/2021/08/17/corellium_apple_bounty/

Ministry of Defence makes first ever bounty payments to hackers
Sky News / Alexander Martin / August 3, 2021
https://news.sky.com/story/ministry-of-defence-makes-first-ever-bounty-payments-to-hackers-12371510

A Controversial Tool Calls Out Thousands of Hackable Websites
Wired / Andy Greenberg / July 27, 2021
https://wired.me/technology/security/controversial-tool-punkspider-calls-out-hackable-websites/

The Cybersecurity 202: Cyber experts give Biden top marks at six months
The Washington Post / Joseph Marks / July 26, 2021
https://www.washingtonpost.com/politics/2021/07/26/cybersecurity-202-cyber-experts-give-biden-top-marks-six-months/

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into
The Register / Iain Thomson / July 15, 2021
https://www.theregister.com/2021/07/15/china_vulnerability_law/

Firm hacked to spread ransomware had previous security flaws
Associated Press / Matt O'Brien / July 13, 2021
https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt
The Register / Thomas Claburn / June 25, 2021
https://www.theregister.com/2021/06/25/aws_bugbust_contest/

Cybersecurity Companies Join Forces Against Controversial DMCA
SecurityWeek / Eduard Kovacs / June 24, 2021
https://www.securityweek.com/cybersecurity-companies-join-forces-against-controversial-dmca-section

Katie Moussouris: Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms
TechSpective Podcast Episode 067 / Tony Bradley / June 21, 2021
https://securityboulevard.com/2021/06/katie-moussouris-coordinated-vulnerability-disclosure-and-the-problem-with-bug-bounty-platforms/

Cybersecurity 202: The Biden administration aims big on cybersecurity spending
Washington Post / Joseph Marks / June 1, 2021
https://www.washingtonpost.com/politics/2021/06/01/cybersecurity-202-biden-administration-aims-big-cybersecurity-spending/

NTIA Wants Feedback on Software Transparency Plan
NextGov / Mariam Baksh / June 1, 2021
https://www.nextgov.com/cybersecurity/2021/06/ntia-wants-feedback-plan-software-transparency-plan/174429/

House bill would require federal contractors to put in place vulnerability disclosure programs
SC Media / Joe Uchill / June 1, 2021
https://www.scmagazine.com/home/government/bill-would-require-contractors-to-have-vulnerability-disclosure-programs/

Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
Yahoo! News / Korin Miller / May 20, 2021
https://news.yahoo.com/news/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html

How to 'be vigilant' and protect your digital assets from getting hacked
Yahoo Finance / Alexis Keenan / April 29, 2021
https://finance.yahoo.com/news/how-to-protect-your-digital-assets-from-getting-hacked-164012380.html

The Cybersecurity 202: Nearly two-thirds of cybersecurity experts think Biden’s response to Russian hack is sufficient
Washington Post / Tonya Riley / April 26, 2021
https://www.washingtonpost.com/politics/2021/04/26/cybersecurity-202-nearly-two-thirds-cybersecurity-experts-think-biden-response-russian-hack-is-sufficient/

In Appreciation: Dan Kaminsky
Dark Reading / Kelly Jackson Higgins / April 26, 2021
https://www.darkreading.com/vulnerabilities---threats/in-appreciation-dan-kaminsky/d/d-id/1340830?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A Clubhouse Bug Let People Lurk in Rooms Invisibly
Wired / Lily Hay Newman / April 21, 2021
https://www.wired.com/story/clubhouse-bug-lurkers-ghost/

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
The Register / Thomas Claburn / April 21, 2021
https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/

What to Do After a Data Breach
Consumer Reports / Yael Grauer / April 12, 2021
https://www.consumerreports.org/data-theft/what-to-do-after-a-data-breach/

For US cyber defense, helpful hackers are only half the battle
The Hill / Katie Moussouris Op-ed / March 17, 2021
https://thehill.com/opinion/technology/543464-for-us-cyber-defense-helpful-hackers-are-only-half-the-battle

GitHub removes researcher's Exchange Server exploit, sparking industry debate
CyberScoop / Sean Lyngaas / March 11, 2021
https://www.cyberscoop.com/github-exploit-exchange-server-microsoft/

It’s Open Season for Microsoft Exchange Server Hacks
Wired / Lily Hay Newman / March 10, 2021
https://www.wired.com/story/microsoft-exchange-patch-hacks-ransomware/

Casting a wide intrusion net: Dozens of companies, agencies were burned with a single hack
The Dallas Morning News/Associated Press / Frank Bajak / March 8, 2021
https://www.dallasnews.com/business/2021/03/08/casting-a-wide-intrusion-net-dozens-of-companies-agencies-were-burned-with-a-single-hack/

The Cybersecurity 202: Here's what cybersecurity experts think Biden should prioritize in his first 100 days
The Washington Post / Tonya Riley / February 1, 2021
https://www.washingtonpost.com/politics/2021/02/01/cybersecurity-202-here-what-cybersecurity-experts-think-biden-should-prioritize-his-first-100-days/

Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update
CBS News / Cassidy McDonald / January 27, 2021
https://www.cbsnews.com/news/apple-update-iphone-security-ios-14-4/

Survey says, women in cyber make 31 percent less than men
SC Magazine / Bradley Barth / January 6, 2021
https://www.scmagazine.com/women-in-it-security/survey-says-women-in-cyber-make-31-percent-less-than-men/

2020

Cyber leaders back Biden’s DHS pick
Politico / Martin Matishak / December 21, 2020
https://www.politico.com/newsletters/weekly-cybersecurity/2020/12/21/cyber-leaders-back-bidens-dhs-pick-792428

The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say
The Washington Post / Joseph Marks / December 15, 2020
https://www.washingtonpost.com/politics/2020/12/15/cybersecurity-202-trump-took-nation-wrong-direction-cybersecurity-experts-say/

HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual
CyberScoop / Tim Starks / December 14, 2020
https://www.cyberscoop.com/hackerone-verizon-bug-bounties-hacking/

U.S. Supreme Court to Weigh Anti-Hacking Law’s Limits on Access
Bloomberg Law / Andrea Vittorio / November 27, 2020
https://news.bloomberglaw.com/privacy-and-data-security/u-s-supreme-court-to-weigh-anti-hacking-laws-limits-on-access?context=article-related

S3 Ep8: A conversation with Katie Moussouris [Podcast]
Naked Security – Sophos / Paul Ducklin / November 25, 2020
https://nakedsecurity.sophos.com/2020/11/25/s3-ep8-a-conversation-with-katie-moussouris/

Firing of security official draws bipartisan rebuke
Axios / Ina Fried / November 18, 2020
https://www.axios.com/firing-security-official-christopher-krebs-draws-bipartisan-rebuke-18e6953a-ada3-421a-8c50-65b0ebc09ef5.html

Trump Fires Christopher Krebs, Head of CISA
Bank Info Security / Jeremy Kirk / November 17, 2020
https://www.bankinfosecurity.com/trump-fires-christopher-krebs-head-cisa-a-15386

How to Make the Most of Your Budding Cybersecurity Career
Government Technology / Cisco / November 12, 2020
https://www.govtech.com/security/How-to-Make-the-Most-of-Your-Budding-Cybersecurity-Career.html

Zoom deceived users about the privacy of their calls, FTC
Mashable / Jack Morse / November 9, 2020
https://mashable.com/article/zoom-settlement-federal-trade-commission-encryption-misled-users/

Apple Fixes iOS Zero Day Flaws Found by Google
Bank Info Security / Jeremy Kirk / November 5, 2020
https://www.bankinfosecurity.com/apple-fixes-ios-zero-day-flaws-found-by-google-a-15317

Did a Security Researcher Really Access Trump’s Twitter Account?
PC Mag / Michael Kan / October 22, 2020
https://www.pcmag.com/news/did-a-security-researcher-really-access-trumps-twitter-account

Grindr's Bug Bounty Pledge Doesn't Translate to Security
Threatpost / Lindsey O’Donnell / October 6, 2020
https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Threatpost / Tara Seals / September 11, 2020
https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/

CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain
Decipher / Dennis Fisher / September 4, 2020
https://duo.com/decipher/cisa-issues-final-order-on-federal-vulnerability-disclosure-but-questions-remain

Fb to warn third-party developers of vulnerable code
TechCrunch / Zack Whittaker & Sarah Perez / September 3, 2020
https://techcrunch.com/2020/09/03/facebook-vulnerable-code/

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'
The Register / Thomas Claburn / September 2, 2020
https://www.theregister.com/2020/09/03/us_bug_bounty/

So You Want to Build a Vulnerability Disclosure Program?
InfoRiskToday / Mathew J. Schwartz / August 20, 2020
https://www.inforisktoday.com/so-you-want-to-build-vulnerability-disclosure-program-a-14859

Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent
The Register / Shaun Nichols / August 4, 2020
https://www.theregister.com/2020/08/04/microsoft_137_bug_bounties/