Following the news about the Fiat Chrysler offering a bug bounty program. Art Dahnert, Consultant at Cigital commented below on this bounty program.
Art Dahnert, Consultant at Cigital:
“I’ve looked at the BugCrowd profile for the
FCA bug bounty and it looks like they are just dipping their toe in the water. They are specifically staying away from the automotive platforms, meaning the cars themselves. The domains in scope are ancillary integration services for some of the vehicle components. They gave a well-defined list of what types of vulnerabilities are important, which helps with keeping the “signal to noise” ratio low.
The Bug Bounty is a good first step and I’m hopeful they are able to find value in it. This should be part of a more holistic plan that involves design analysis and threat models as well as internal security assessments. The earlier in the product cycle a vulnerability is found the easier and cheaper it is to fix.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…