20: Bugging Out Over Bounties

Official Cleland

45 min
News
Description

What’s been bugging the team recently? Slack’s bug bounty – if it can even be called that – causes some consternation in this episode and raises serious questions about bug bounty programs. The bug in question was classified as a ‘critical’ RCE vulnerability and yet the researcher who discovered it only got $1750. Yup, you read that right. Apparently doing the right thing doesn’t always pay, but if you’re like Kev you might end up with some free chicken or a heartfelt ‘thank you’. We’re absolutely certain that such rewards are enough to keep people on the responsible disclosure side of the fence…

Also covered in this episode is the strange news that a Russian national was arrested for trying to convince a Tesla employee to install malware onto the company’s network for the tasty sum of $1m. Color us intrigued…

***

Slack Bug Bounty:
https://mashable.com/article/slack-fixes-critical-remote-code-execution-vulnerabilitybug-bounty/?europe=true

Tesla Hacking Plot:
https://www.zdnet.com/article/elon-musk-confirms-russian-hacking-plot-targeted-tesla-factory/

Creators

peter_J

Creator