|
IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 to $11,000. Ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well -- RCEs, universal XSS, and sandbox escapes are all vulns that can easily gain $10,000+ (or an order of magnitude greater) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues. References: - https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf - https://media.blackhat.com/bh-usa-08/video/bh-us-08-Reavey/black-hat-usa-08-reavey-securetheplanet-hires.m4v - https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx - https://web.archive.org/web/20190507215514/ https://blogs.technet.microsoft.com/bluehat/2013/07/03/new-bounty-programs-one-week-in/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw201 |
.png)
More
Religion & Spirituality
Education
Arts and Design
Health
Fashion & Beauty
Government & Organizations
Kids & family
Music
News & Politics
Science & Medicine
Society & Culture
Sports & Recreation
TV & Film
Technology
Philosophy
Storytelling
Horror and Paranomal
True Crime
Leisure
Travel
Fiction
Crypto
Marketing
History
Comedy
Arts
Games & Hobbies
Business
Motivation
