Welcome to 208! This week's episode is the first of the year, and we're joined by longtime regular Fahmida Rashid to talk about DJI's bug bounty problems and a pitch about . We also talk about what we think will make headlines this year.

DJI's bug bounty:

Researcher Kevin Finisterre posted an essay describing his experiences with the DJI bug bounty program, ultimately walking away from a $30,000 payout due to interactions with the company. A copy of his essay is available via The Register.

In short, Finisterre and the others he worked with discovered sensitive information exposed on AWS. When he queried DJI about the findings and asked if they were within the scope of its bug bounty, the company responded (after lots of back and forth) that they were and offered him a bounty of $30,000 USD.
