bug bounty program

OpenAI Launches Bug Bounty Program

OpenAI, the artificial intelligence (AI) company behind ChatGPT, has announced the launch of a bug bounty program to combat privacy and cybersecurity concerns. The program rewards security researchers and ethical hackers for identifying and addressing vulnerabilities in OpenAI’s technology and company, with cash rewards ranging from $200 for low-severity findings to $20,000 for exceptional discoveries.

OpenAI has partnered with Bugcrowd, a bug bounty platform, to manage the submission and reward process, ensuring a streamlined experience for all participants. The company has also offered safe harbor protection for vulnerability research conducted in compliance with its specific guidelines. OpenAI believes that expertise and vigilance will play a crucial role in keeping its systems secure and ensuring users’ security.

The launch of the program comes in the wake of recent bans in different countries on AI technology and concerns about privacy and cybersecurity. On March 20, OpenAI suffered a data breach, which exposed user data due to a bug in an open-source library. The incident highlighted the need for increased security measures and prompted OpenAI to launch the bug bounty program.

The global community of security researchers, ethical hackers, and technology enthusiasts have been invited to participate in the program. OpenAI hopes that the initiative will help to identify and address vulnerabilities in its systems and improve its overall security posture.

The program’s rules state that researchers must comply with all applicable laws and regulations, and safe harbor protection is provided for vulnerability research conducted according to OpenAI’s guidelines. If a third party takes legal action against a security researcher who participated in the program and followed the rules, OpenAI will inform others that the researcher acted within the program’s guidelines. This is because OpenAI’s systems are connected with other third-party systems and services.

The launch of the program follows a statement by the Japanese government’s Chief Cabinet Secretary Hirokazu Matsuno, stating that Japan would consider incorporating AI technology into government systems, provided privacy and cybersecurity issues are addressed. OpenAI’s bug bounty program demonstrates the company’s commitment to addressing these concerns and improving its security posture. By inviting the global community of security researchers, ethical hackers, and technology enthusiasts to participate, OpenAI hopes to increase vigilance and expertise, directly impacting the security of its systems and ensuring users’ security.

Trust Wallet Discloses Security Flaw Resulting in $170k Loss

The popular cryptocurrency wallet known as Trust Wallet has acknowledged that it had a security weakness that resulted in the loss of over $170,000 for some of its customers. The firm has said that the vulnerability has been fixed, and that it has sent notifications to all of the people who were impacted.

The Trust Wallet bug bounty program is credited with the discovery of the vulnerability, as stated by the company. In November of 2022, a security researcher disclosed a WebAssembly flaw that was present in the open-source framework known as Wallet Core. Trust Wallet additionally noted that new wallet addresses issued by the Browser Extension between November 14 and November 23 included this vulnerability.

On the other hand, the organization reminded its customers that any email addresses that were established before or after those dates are completely secure. Users of Trust Wallet were encouraged to upgrade their apps and establish new addresses in order to strengthen the security of their accounts.

Popular mobile cryptocurrency wallet Trust Wallet supports over 20 different blockchains, including Bitcoin, Ethereum, and Binance Smart Chain, among others. Binance, which is one of the biggest cryptocurrency exchanges in the world, is the owner of the platform.

The bug bounty program is an effort that gives researchers in the field of cybersecurity the opportunity to search for and disclose security flaws in return for financial compensation. Researchers are incentivized via the initiative to discover and disclose vulnerabilities, which paves the way for businesses to strengthen their own security protocols.

Both the promptness with which Trust Wallet addressed the problem and the openness with which it disclosed the existence of the security flaw have earned the company accolades. This event brings to light the need of taking precautions while dealing with cryptocurrencies, and it should serve as a warning to users that they need to be extra watchful when it comes to protecting the assets they have.

In summing up, the security flaw that was found in Trust Wallet thanks to its bug bounty program has been fixed. The impacted customers have been notified by the firm, who has also suggested that they update their app and establish new wallet addresses. The necessity of taking precautions to protect one’s bitcoin holdings is highlighted by Trust Wallet’s openness on the issue and its prompt response in trying to resolve it.

Uniswap Labs Announces Bug Bounty Program with Rewards Up to 2.25 Million USDC

Uniswap ($UNI) Labs has officially launched a Bug Bounty Program (“the Program”). The initiative aims to encourage ethical hackers and security researchers to identify and report vulnerabilities in Uniswap’s deployed contracts. Rewards for successful bug disclosures can reach up to 2,250,000 USDC, depending on the severity of the issue.

Scope of the Program

The Program specifically targets vulnerabilities in Uniswap’s deployed contracts, including but not limited to:

Universal Router Contract Code

Permit2 Contract Code

V3 Contract Code

UniswapX Contract Code

However, if a bug is discovered in a Uniswap smart contract outside of these repositories and poses a risk to user funds, it will be considered in-scope for the Program.

Exclusions

The Program does not cover:

Third-party contracts not under Uniswap’s direct control
Issues already listed in audits for the above contracts
Bugs in third-party contracts or applications that use Uniswap contracts
The Uniswap DAPP, web interface, or other non-contract related materials

Reward Structure

Uniswap Labs has categorized the severity of potential issues into four levels:

Critical Issues: Impacting numerous users and posing serious reputational, legal, or financial risks.
High Issues: Affecting individual users and posing moderate financial risk.
Medium Issues: Posing relatively small risks and not threatening user funds.
Low/Informational Issues: Relevant to security best practices but not posing an immediate risk.

The rewards will be allocated based on this severity scale and the likelihood of the bug being exploited, as determined solely by Uniswap Labs.

Disclosure Protocol

All vulnerabilities must be reported to Uniswap Labs via the designated email: security+bugbounty@uniswap.org. Public disclosure of the vulnerability is prohibited until Uniswap Labs has resolved the issue and granted permission for public disclosure.

Eligibility Criteria

To be eligible for a reward, the reporter must:

Discover a unique, previously-unreported vulnerability within the scope of the Program.
Be the first to disclose the vulnerability to Uniswap Labs.
Provide sufficient information for the vulnerability to be reproduced and fixed.
Comply with all other terms and conditions of the Program.

Final Remarks

Uniswap Labs retains the sole discretion to alter the terms and conditions of the Program at any time. By participating in the Program, you grant Uniswap Labs the rights needed to validate, mitigate, and disclose the vulnerability.