Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/25/2018
04:48 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bugcrowd announces partnership with Upwork to enhance security for the largest freelancing site

Upwork takes bug bounty program public, offering up to $5,000 for each vulnerability discovered in its marketplace

SAN FRANCISCO – June 19, 2018 – Bugcrowd, the leader in crowdsourced security, today announced Upwork has launched a public bug bounty program on the CrowdcontrolTM platform. Building on the success of their private program, the public program offers rewards of up to $5,000 for valid vulnerabilities on the Upwork web domains, mobile applications (iOS and Android), collaboration tool (Upwork Messages) and API.

“Bug bounty is a critical piece of our vulnerability management and application security program,” said Teza Mukkavilli, Director of Information Security at Upwork. “Working with Bugcrowd allows us to tap into a global community of security researchers who use multidimensional techniques to help identify vulnerabilities at a faster rate and enhance the overall security of our products for our customers.”

Information is an asset that, like other important business assets, is essential to Upwork and consequently needs to be suitably protected. Upwork has always been focused on providing a secure environment for its community of freelancers and clients, so they can safely use its platform. Bugcrowd supports this goal, enabling Upwork’s vulnerability response team to focus on important vulnerabilities and work with internal teams to get them fixed.

‘’Demonstrating a strong security stance is more important for organizations today than ever before,” said Ashish Gupta, CEO, Bugcrowd. “Upwork leads the space in many ways with a progressive business model and a progressive approach to their security posture using crowdsourced bug bounty programs.  We are proud to work with them to build the trust of their customers.”

Bugcrowd’s fully managed crowdsourced security programs ensure ongoing success of each and every bug bounty and vulnerability disclosure program run. Today more industry-leading platforms, including Atlassian, Fitbit, Netflix and Square trust their crowdsourced security programs to Bugcrowd.

For more information on Upwork bug bounty program, or to participate, visit bugcrowd.com/upwork.

 

Additional Resources:

·  Learn more about Bugcrowd and our Customer Stories

·  Read the latest report: 2018 Bugcrowd State of Bug Bounty Report

·  Follow us on Twitter

·  Follow us on LinkedIn


About Bugcrowd
Bugcrowd is trusted by more of the Fortune 500 than any other crowdsourced security platform. Why? Because people need the increased security of a bug bounty without all the extra work and chaos. Bugcrowd cracked the code on crowdsourced security through rock-solid program management, top trusted researchers and a versatile platform. That’s how our vulnerability disclosure and bug bounty programs find seven times as many critical vulnerabilities as traditional testing. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them AllTM. Learn more at www.bugcrowd.com.

 

About Upwork

Upwork is the largest global freelancing website. It enables businesses to find and work with highly skilled freelancers. As an increasingly connected and independent workforce goes online, knowledge work — like software, shopping and content before it — is shifting online as well. This shift is making it easier for clients to connect and work with talent in near real-time and is freeing professionals everywhere from having to work at a set time and place. Our company’s mission is to create economic opportunities so people have better lives.

Upwork is headquartered in Mountain View, Calif., with offices in San Francisco and Chicago. For more information, visit our website at www.upwork.com, join us on Twitter, Facebook and LinkedIn.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .