Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Jason Haddix

Vice President of Researcher Growth at Bugcrowd

Member Since: 12/15/2016
Author
News & Commentary Posts: 3
Comments: 0

Jason is the head of trust and security at Bugcrowd. Jason works with clients and security researchers to create high value, sustainable, and impactful bug bounty programs. He also works with Bugcrowd to improve the security industry's relations with researchers. Jason's interests and areas of expertise include mobile penetration testing, black box Web application auditing, network/infrastructural security assessments, and static analysis. Before joining Bugcrowd, Jason was the director of penetration testing for HP Fortify, and also held the #1 rank on the Bugcrowd leaderboard for 2014.

Articles by Jason Haddix

View Content By Month

Your Life Is the Attack Surface: The Risks of IoT

1/8/2019
To protect yourself, you must know where you're vulnerable — and these tips can help.
Post a Comment

Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program

10/5/2017
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Post a Comment

The Bug Bounty Model: 21 Years & Counting

12/29/2016
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Post a Comment

Editors' Choice

What the FedEx Logo Taught Me About Cybersecurity

Matt Shea, Head of Federal @ MixMode, 6/4/2021

Phishing Emails Remain in User Inboxes Over 3 Days Before They're Removed

Jai Vijayan, Contributing Writer, 6/2/2021

A View From Inside a Deception

Sara Peters, Senior Editor at Dark Reading, 6/2/2021

Live Events

Webinars

@Hack - November 28-30, 2021 Saudi Arabia - Learn More

Black Hat USA 2021 - July 31-August 5 - Learn More

Dark Reading June 24 Virtual Event a free, online conference. LEARN MORE

More Informa Tech Live Events

White Papers

2021 Application Security Statistics Report Vol.2

The State of Endpoint Security

Tech Insights: Detecting and Preventing Insider Data Leaks

Stop Malicious Bots For Good: How Better Bot Management Maximizes Your ROI

Must-Read Research: Why Sustainable 5G Networks are a 150-Year-Old Problem

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

The State of Cybersecurity Incident Response

In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Battle for the Endpoint

How to build a new cyber strategy for 2021 and beyond.

Download Now!

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-23394
PUBLISHED: 2021-06-13

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

CVE-2021-34682
PUBLISHED: 2021-06-12

Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.

CVE-2021-31811
PUBLISHED: 2021-06-12

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-31812
PUBLISHED: 2021-06-12

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-32552
PUBLISHED: 2021-06-12

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]