
Cloudflare opens $3,000 bug bounty program to the public

February 3, 2022

Cloudflare, a provider of web infrastructure and security services, has announced the launch of its public bug bounty program.

Bug hunters and security researchers can now report vulnerabilities found in Cloudflare products as part of the company’s latest program, which is hosted on HackerOne.

A private bounty program was previously launched in 2018, following a vulnerability disclosure program in 2014. The company paid $211,512 in bounties over the lifetime of that program, with 292 out of the 430 reports receiving a reward.


Rewards under Cloudflare’s latest program vary with the severity of the vulnerability. Every security flaw is assigned a severity rating based on the Common Vulnerability Scoring System (CVSS) version 3.

There is a $3,000 payment for a critical vulnerability report, while high, medium, and low vulnerabilities are worth $1,000, $500, and $250, respectively. However, rewards vary for secondary and other targets.

To make vulnerability research easier, Cloudflare also created a sandbox called CumulusFire, which provides a standardized playground for researchers to test their exploits. The sandbox will also help Cloudflare’s security teams reproduce potential exploits for analysis.

“CumulusFire has previously helped us tackle the continual trickle of reports in which researchers would configure their origin server in an obviously insecure way, beyond default or anticipated configurations, and then report that Cloudflare’s WAF does not block an attack. By policy, we will now only consider WAF bypasses a vulnerability if it is reproducible on CumulusFire,” said Cloudflare.

A good place to start is the documentation on Cloudflare’s developer and API portals, the Learning Center, and its help forums.

The company also plans to add further documentation, testing platforms, and a way for researchers to interact with its security teams to ensure submissions are valid.


Some sections of this report are sourced from:
www.itpro.co.uk
