Threat Intelligence

6/7/2017
06:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Centrify Fortifies Platform Security with Bugcrowd Bug Bounty Program

Centrify to award up to $3,000 per vulnerability to ensure the security of the Centrify Identity Services platform.

SAN FRANCISCO – Centrify, the leader in securing hybrid enterprises through the power of identity, today launched a public bug bounty program with Bugcrowd, the leader in crowdsourced security testing. Building on the success of its private, on-demand program, the public program will leverage more than 50,000 security researchers on the Bugcrowd platform to reinforce the security of the Centrify Identity Services platform. Centrify Identity Services secures each user’s access to apps, endpoints and infrastructure through single sign-on, multifactor authentication and privileged identity management.  

Centrify will reward security researchers between $100 - $3,000 USD per bug identified—depending on impact and severity of vulnerabilities identified in our Application Services, Infrastructure Services and corporate website.

"As a leader in identity services, it is incumbent upon us to fully vet the security on our platform to ensure that each user’s access to apps and infrastructure is secure and that we continue to deliver the best solutions," explains Raun Nohavitza, senior director of IT at Centrify. "Bugcrowd’s platform, organization, experience with triage and relationship with the security community make their bounty program very attractive. With Bugcrowd we’re not only doing the right thing for our security offerings in the best way possible, but we’re also getting consistent administration and management for our ongoing program."

At Bugcrowd security expertise is built into the design, support and management of every program. Bugcrowd’s easy-to-use platform connects organizations with a curated crowd of tens of thousands of researchers for quicker identification of vulnerabilities, while its experienced team manages programs every step of the way to ensure organizations see results.

"The explosion of online business has increased the opportunities for adversaries, which makes a strong security stance more important than ever," said Casey Ellis, CEO and founder of Bugcrowd. "Centrify is clearly demonstrating their commitment to keeping their customers secure by proactively engaging the help of the white-hat hacker community through the Bugcrowd platform. Bug bounty programs have emerged as the most effective and efficient way to secure the delivery of products and services, and we are proud to manage their bug bounty program."

To learn more about Centrify’s public bug bounty program or to participate, visit bugcrowd.com/centrify.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.