Following the news about the Fiat Chrysler offering a bug bounty program. Art Dahnert, Consultant at Cigital commented below on this bounty program.
Art Dahnert, Consultant at Cigital:
“I’ve looked at the BugCrowd profile for the FCA bug bounty and it looks like they are just dipping their toe in the water. They are specifically staying away from the automotive platforms, meaning the cars themselves. The domains in scope are ancillary integration services for some of the vehicle components. They gave a well-defined list of what types of vulnerabilities are important, which helps with keeping the “signal to noise” ratio low.
The Bug Bounty is a good first step and I’m hopeful they are able to find value in it. This should be part of a more holistic plan that involves design analysis and threat models as well as internal security assessments. The earlier in the product cycle a vulnerability is found the easier and cheaper it is to fix.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…