In Part 1 of "Bug Bounty Programs: Are You Ready?" we examined the growth of commercial bug bounty programs and what organizations need to do before investing in and launching their own bug bounty. In this part, we'll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from such an investment.
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organization's web applications or consumer products sounds compelling to many. What's not to like with the prospect of "many eyes" poking and prodding away at a corporate system for a minimal reward -- and preemptively uncovering flaws that could have been exploited by hackers with nefarious intent?
What will the Internet look like in the next seven to 10 years? How will things like marketplace consolidation, changes to regulation, increases in cybercrime or the widespread deployment of the Internet of Things impact the Internet, its users and society? At the Internet Society, we are always thinking about what's next for the Internet. And now we want your help!
The new year is upon us and it's time for our annual look at CircleID's most popular posts of the past year and highlighting those that received the most attention. Congratulations to all the 2016 participants and best wishes to all in the new year.
A new age of openness is coming upon us. At least that's what we're being told. For instance -- "The reign of closed solution suites is over, shifting to the rise of open, heterogeneous software ecosystems." Maybe it's my 30 years in the information technology business (how many people remember Thomas-Conrad ARCnet hardware?), but I'm not convinced. It's worth taking a moment to consider the case.
Verisign's spent the best part of 2016 putting out warnings. The .COM operator and domain industry heavyweight highlighted its Q3 earnings report with a stern "Ending Q4 '16 Domain Name Base expected to decrease by between 1.5M to 2.8M registrations from the end of Q3 '16". A forecast which the company said was based "on historical seasonality and current market trends." As 2016 drew to a close, the downturn seemed to materialize...
There's a new virus infecting the Internet that's more pernicious and more dangerous than any virus that has gone before. It's the first example ever of a hybrid Internet-human virus and probably the universal common ancestor of all hybrid Internet-human viruses to come. The condition the virus leaves behind is increasingly well recognised and goes by the understated label of "post-truth" but the virus itself is so far anonymous and so I propose we name it after the effect it has on those it has infected who, put simply, can no longer distinguish reality from fiction, hence the reality virus.
I attended AWS re:Invent 2016 about three or four weeks ago. Being new to both AWS and to re:Invent I was an outsider again, observing with virgin eyes. This means I learned a lot. Hopefully it means I saw things a bit differently than those more fully entrenched in this new community. So while others have long since covered the product announcements and other major news from the event, I'll take this opportunity to touch on some of the things that struck me as descriptive and/or indicative of the greater trends at play here.
Bad idea: Set up a business and provide poor goods or services; receive bad reviews online for your poor goods or services. Worse idea: Instead of treating your customers' feedback as free expert advice and listening to their suggestions on how to improve your business, sue your customers -- experience the Streisand Effect -- resulting in increased media coverage highlighting your lousy goods, service, and treatment of customers. Ensure that negative reviews of your business get the widest exposure possible.
Website publishers that want to protect themselves against claims of copyright infringement must participate in a new online registration system created by the U.S. Copyright Office for the Digital Millennium Copyright Act ("DMCA") -- even if they have participated previously. The new program, launched on December 1, 2016, offers a mandatory online registration system for the DMCA that replaces the original (and clunky) "interim" designation system, which was created in 1998.