Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/25/2018
04:48 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bugcrowd announces partnership with Upwork to enhance security for the largest freelancing site

Upwork takes bug bounty program public, offering up to $5,000 for each vulnerability discovered in its marketplace

SAN FRANCISCO – June 19, 2018 – Bugcrowd, the leader in crowdsourced security, today announced Upwork has launched a public bug bounty program on the CrowdcontrolTM platform. Building on the success of their private program, the public program offers rewards of up to $5,000 for valid vulnerabilities on the Upwork web domains, mobile applications (iOS and Android), collaboration tool (Upwork Messages) and API.

“Bug bounty is a critical piece of our vulnerability management and application security program,” said Teza Mukkavilli, Director of Information Security at Upwork. “Working with Bugcrowd allows us to tap into a global community of security researchers who use multidimensional techniques to help identify vulnerabilities at a faster rate and enhance the overall security of our products for our customers.”

Information is an asset that, like other important business assets, is essential to Upwork and consequently needs to be suitably protected. Upwork has always been focused on providing a secure environment for its community of freelancers and clients, so they can safely use its platform. Bugcrowd supports this goal, enabling Upwork’s vulnerability response team to focus on important vulnerabilities and work with internal teams to get them fixed.

‘’Demonstrating a strong security stance is more important for organizations today than ever before,” said Ashish Gupta, CEO, Bugcrowd. “Upwork leads the space in many ways with a progressive business model and a progressive approach to their security posture using crowdsourced bug bounty programs.  We are proud to work with them to build the trust of their customers.”

Bugcrowd’s fully managed crowdsourced security programs ensure ongoing success of each and every bug bounty and vulnerability disclosure program run. Today more industry-leading platforms, including Atlassian, Fitbit, Netflix and Square trust their crowdsourced security programs to Bugcrowd.

For more information on Upwork bug bounty program, or to participate, visit bugcrowd.com/upwork.

 

Additional Resources:

·  Learn more about Bugcrowd and our Customer Stories

·  Read the latest report: 2018 Bugcrowd State of Bug Bounty Report

·  Follow us on Twitter

·  Follow us on LinkedIn


About Bugcrowd
Bugcrowd is trusted by more of the Fortune 500 than any other crowdsourced security platform. Why? Because people need the increased security of a bug bounty without all the extra work and chaos. Bugcrowd cracked the code on crowdsourced security through rock-solid program management, top trusted researchers and a versatile platform. That’s how our vulnerability disclosure and bug bounty programs find seven times as many critical vulnerabilities as traditional testing. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them AllTM. Learn more at www.bugcrowd.com.

 

About Upwork

Upwork is the largest global freelancing website. It enables businesses to find and work with highly skilled freelancers. As an increasingly connected and independent workforce goes online, knowledge work — like software, shopping and content before it — is shifting online as well. This shift is making it easier for clients to connect and work with talent in near real-time and is freeing professionals everywhere from having to work at a set time and place. Our company’s mission is to create economic opportunities so people have better lives.

Upwork is headquartered in Mountain View, Calif., with offices in San Francisco and Chicago. For more information, visit our website at www.upwork.com, join us on Twitter, Facebook and LinkedIn.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18281
PUBLISHED: 2019-10-23
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVE-2019-18344
PUBLISHED: 2019-10-23
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).
CVE-2019-16976
PUBLISHED: 2019-10-23
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVE-2019-18219
PUBLISHED: 2019-10-23
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.
CVE-2019-18220
PUBLISHED: 2019-10-23
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagi...