Threat Intelligence
6/7/2017
06:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Centrify Fortifies Platform Security with Bugcrowd Bug Bounty Program

Centrify to award up to $3,000 per vulnerability to ensure the security of the Centrify Identity Services platform.

SAN FRANCISCO – Centrify, the leader in securing hybrid enterprises through the power of identity, today launched a public bug bounty program with Bugcrowd, the leader in crowdsourced security testing. Building on the success of its private, on-demand program, the public program will leverage more than 50,000 security researchers on the Bugcrowd platform to reinforce the security of the Centrify Identity Services platform. Centrify Identity Services secures each user’s access to apps, endpoints and infrastructure through single sign-on, multifactor authentication and privileged identity management.  

Centrify will reward security researchers between $100 - $3,000 USD per bug identified—depending on impact and severity of vulnerabilities identified in our Application Services, Infrastructure Services and corporate website.

"As a leader in identity services, it is incumbent upon us to fully vet the security on our platform to ensure that each user’s access to apps and infrastructure is secure and that we continue to deliver the best solutions," explains Raun Nohavitza, senior director of IT at Centrify. "Bugcrowd’s platform, organization, experience with triage and relationship with the security community make their bounty program very attractive. With Bugcrowd we’re not only doing the right thing for our security offerings in the best way possible, but we’re also getting consistent administration and management for our ongoing program."

At Bugcrowd security expertise is built into the design, support and management of every program. Bugcrowd’s easy-to-use platform connects organizations with a curated crowd of tens of thousands of researchers for quicker identification of vulnerabilities, while its experienced team manages programs every step of the way to ensure organizations see results.

"The explosion of online business has increased the opportunities for adversaries, which makes a strong security stance more important than ever," said Casey Ellis, CEO and founder of Bugcrowd. "Centrify is clearly demonstrating their commitment to keeping their customers secure by proactively engaging the help of the white-hat hacker community through the Bugcrowd platform. Bug bounty programs have emerged as the most effective and efficient way to secure the delivery of products and services, and we are proud to manage their bug bounty program."

To learn more about Centrify’s public bug bounty program or to participate, visit bugcrowd.com/centrify.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.