Vulnerabilities / Threats

6/25/2018
04:48 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bugcrowd announces partnership with Upwork to enhance security for the largest freelancing site

Upwork takes bug bounty program public, offering up to $5,000 for each vulnerability discovered in its marketplace

SAN FRANCISCO – June 19, 2018 – Bugcrowd, the leader in crowdsourced security, today announced Upwork has launched a public bug bounty program on the CrowdcontrolTM platform. Building on the success of their private program, the public program offers rewards of up to $5,000 for valid vulnerabilities on the Upwork web domains, mobile applications (iOS and Android), collaboration tool (Upwork Messages) and API.

“Bug bounty is a critical piece of our vulnerability management and application security program,” said Teza Mukkavilli, Director of Information Security at Upwork. “Working with Bugcrowd allows us to tap into a global community of security researchers who use multidimensional techniques to help identify vulnerabilities at a faster rate and enhance the overall security of our products for our customers.”

Information is an asset that, like other important business assets, is essential to Upwork and consequently needs to be suitably protected. Upwork has always been focused on providing a secure environment for its community of freelancers and clients, so they can safely use its platform. Bugcrowd supports this goal, enabling Upwork’s vulnerability response team to focus on important vulnerabilities and work with internal teams to get them fixed.

‘’Demonstrating a strong security stance is more important for organizations today than ever before,” said Ashish Gupta, CEO, Bugcrowd. “Upwork leads the space in many ways with a progressive business model and a progressive approach to their security posture using crowdsourced bug bounty programs.  We are proud to work with them to build the trust of their customers.”

Bugcrowd’s fully managed crowdsourced security programs ensure ongoing success of each and every bug bounty and vulnerability disclosure program run. Today more industry-leading platforms, including Atlassian, Fitbit, Netflix and Square trust their crowdsourced security programs to Bugcrowd.

For more information on Upwork bug bounty program, or to participate, visit bugcrowd.com/upwork.

 

Additional Resources:

·  Learn more about Bugcrowd and our Customer Stories

·  Read the latest report: 2018 Bugcrowd State of Bug Bounty Report

·  Follow us on Twitter

·  Follow us on LinkedIn


About Bugcrowd
Bugcrowd is trusted by more of the Fortune 500 than any other crowdsourced security platform. Why? Because people need the increased security of a bug bounty without all the extra work and chaos. Bugcrowd cracked the code on crowdsourced security through rock-solid program management, top trusted researchers and a versatile platform. That’s how our vulnerability disclosure and bug bounty programs find seven times as many critical vulnerabilities as traditional testing. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them AllTM. Learn more at www.bugcrowd.com.

 

About Upwork

Upwork is the largest global freelancing website. It enables businesses to find and work with highly skilled freelancers. As an increasingly connected and independent workforce goes online, knowledge work — like software, shopping and content before it — is shifting online as well. This shift is making it easier for clients to connect and work with talent in near real-time and is freeing professionals everywhere from having to work at a set time and place. Our company’s mission is to create economic opportunities so people have better lives.

Upwork is headquartered in Mountain View, Calif., with offices in San Francisco and Chicago. For more information, visit our website at www.upwork.com, join us on Twitter, Facebook and LinkedIn.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8354
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2019-8355
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
CVE-2019-8356
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8357
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
CVE-2013-2516
PUBLISHED: 2019-02-15
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.