Threat Intelligence

6/7/2017
06:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Centrify Fortifies Platform Security with Bugcrowd Bug Bounty Program

Centrify to award up to $3,000 per vulnerability to ensure the security of the Centrify Identity Services platform.

SAN FRANCISCO – Centrify, the leader in securing hybrid enterprises through the power of identity, today launched a public bug bounty program with Bugcrowd, the leader in crowdsourced security testing. Building on the success of its private, on-demand program, the public program will leverage more than 50,000 security researchers on the Bugcrowd platform to reinforce the security of the Centrify Identity Services platform. Centrify Identity Services secures each user’s access to apps, endpoints and infrastructure through single sign-on, multifactor authentication and privileged identity management.  

Centrify will reward security researchers between $100 - $3,000 USD per bug identified—depending on impact and severity of vulnerabilities identified in our Application Services, Infrastructure Services and corporate website.

"As a leader in identity services, it is incumbent upon us to fully vet the security on our platform to ensure that each user’s access to apps and infrastructure is secure and that we continue to deliver the best solutions," explains Raun Nohavitza, senior director of IT at Centrify. "Bugcrowd’s platform, organization, experience with triage and relationship with the security community make their bounty program very attractive. With Bugcrowd we’re not only doing the right thing for our security offerings in the best way possible, but we’re also getting consistent administration and management for our ongoing program."

At Bugcrowd security expertise is built into the design, support and management of every program. Bugcrowd’s easy-to-use platform connects organizations with a curated crowd of tens of thousands of researchers for quicker identification of vulnerabilities, while its experienced team manages programs every step of the way to ensure organizations see results.

"The explosion of online business has increased the opportunities for adversaries, which makes a strong security stance more important than ever," said Casey Ellis, CEO and founder of Bugcrowd. "Centrify is clearly demonstrating their commitment to keeping their customers secure by proactively engaging the help of the white-hat hacker community through the Bugcrowd platform. Bug bounty programs have emerged as the most effective and efficient way to secure the delivery of products and services, and we are proud to manage their bug bounty program."

To learn more about Centrify’s public bug bounty program or to participate, visit bugcrowd.com/centrify.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.