Following the news that Fiat Chrysler Automobiles (FCA) is offering a bug bounty program, Art Dahnert, Consultant at Cigital, commented on the program below.
Art Dahnert, Consultant at Cigital:
“I’ve looked at the BugCrowd profile for the FCA bug bounty and it looks like they are just dipping their toe in the water. They are specifically staying away from the automotive platforms, meaning the cars themselves. The domains in scope are ancillary integration services for some of the vehicle components. They gave a well-defined list of what types of vulnerabilities are important, which helps with keeping the “signal to noise” ratio low.
The Bug Bounty is a good first step and I’m hopeful they are able to find value in it. This should be part of a more holistic plan that involves design analysis and threat models as well as internal security assessments. The earlier in the product cycle a vulnerability is found the easier and cheaper it is to fix.”