Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/25/2018
04:48 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bugcrowd announces partnership with Upwork to enhance security for the largest freelancing site

Upwork takes bug bounty program public, offering up to $5,000 for each vulnerability discovered in its marketplace

SAN FRANCISCO – June 19, 2018 – Bugcrowd, the leader in crowdsourced security, today announced Upwork has launched a public bug bounty program on the CrowdcontrolTM platform. Building on the success of their private program, the public program offers rewards of up to $5,000 for valid vulnerabilities on the Upwork web domains, mobile applications (iOS and Android), collaboration tool (Upwork Messages) and API.

“Bug bounty is a critical piece of our vulnerability management and application security program,” said Teza Mukkavilli, Director of Information Security at Upwork. “Working with Bugcrowd allows us to tap into a global community of security researchers who use multidimensional techniques to help identify vulnerabilities at a faster rate and enhance the overall security of our products for our customers.”

Information is an asset that, like other important business assets, is essential to Upwork and consequently needs to be suitably protected. Upwork has always been focused on providing a secure environment for its community of freelancers and clients, so they can safely use its platform. Bugcrowd supports this goal, enabling Upwork’s vulnerability response team to focus on important vulnerabilities and work with internal teams to get them fixed.

‘’Demonstrating a strong security stance is more important for organizations today than ever before,” said Ashish Gupta, CEO, Bugcrowd. “Upwork leads the space in many ways with a progressive business model and a progressive approach to their security posture using crowdsourced bug bounty programs.  We are proud to work with them to build the trust of their customers.”

Bugcrowd’s fully managed crowdsourced security programs ensure ongoing success of each and every bug bounty and vulnerability disclosure program run. Today more industry-leading platforms, including Atlassian, Fitbit, Netflix and Square trust their crowdsourced security programs to Bugcrowd.

For more information on Upwork bug bounty program, or to participate, visit bugcrowd.com/upwork.

 

Additional Resources:

·  Learn more about Bugcrowd and our Customer Stories

·  Read the latest report: 2018 Bugcrowd State of Bug Bounty Report

·  Follow us on Twitter

·  Follow us on LinkedIn


About Bugcrowd
Bugcrowd is trusted by more of the Fortune 500 than any other crowdsourced security platform. Why? Because people need the increased security of a bug bounty without all the extra work and chaos. Bugcrowd cracked the code on crowdsourced security through rock-solid program management, top trusted researchers and a versatile platform. That’s how our vulnerability disclosure and bug bounty programs find seven times as many critical vulnerabilities as traditional testing. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them AllTM. Learn more at www.bugcrowd.com.

 

About Upwork

Upwork is the largest global freelancing website. It enables businesses to find and work with highly skilled freelancers. As an increasingly connected and independent workforce goes online, knowledge work — like software, shopping and content before it — is shifting online as well. This shift is making it easier for clients to connect and work with talent in near real-time and is freeing professionals everywhere from having to work at a set time and place. Our company’s mission is to create economic opportunities so people have better lives.

Upwork is headquartered in Mountain View, Calif., with offices in San Francisco and Chicago. For more information, visit our website at www.upwork.com, join us on Twitter, Facebook and LinkedIn.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1130
PUBLISHED: 2019-07-15
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
CVE-2019-1132
PUBLISHED: 2019-07-15
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVE-2019-1134
PUBLISHED: 2019-07-15
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2019-1136
PUBLISHED: 2019-07-15
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
CVE-2019-1137
PUBLISHED: 2019-07-15
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.