Today’s topics include Apple’s Tim Cook calling for a national privacy law like Europe’s GDPR, and the Department of Defense expanding its bug bounty program.
On Oct. 24 in the European Parliament in the Espace Léopold in Brussels, Belgium, Apple CEO Tim Cook forcefully called for a global movement to protect privacy similar to what the European Union has done with the General Data Protection Regulation, which went into effect in May.
Calling privacy a “fundamental human right,” Cook pushed for legislation in the United States that provides similar protections. He claimed technology companies are becoming a “data industrial complex,” echoing the words of former President Dwight Eisenhower, who lamented the growth of the military-industrial complex at the beginning of the Cold War.
Cook said that such companies know you better than you know yourself, and he wondered, “What kind of world do we want to live in?”
Also on Oct. 24, the U.S. Department of Defense announced an expansion of its bug bounty efforts, awarding contracts to three managed bug bounty vendors: HackerOne, Synack and Bugcrowd. HackerOne and Synack had been part of an October 2016 contract with the DoD for bug bounties, which is now being renewed and extended to bring Bugcrowd into the program.
With a bug bounty program, an organization rewards security researchers for privately disclosing software vulnerabilities.
The DoD has been running multiple bug bounty efforts since 2016, including Hack the Pentagon, Hack the Air Force, Hack the Marines and Hack the Army. For example, the Hack the Air Force 2.0 bounty, run by HackerOne in February, was a 20-day challenge in which 106 vulnerabilities were disclosed and patched. The DoD then paid out $103,883 in awards to security researchers.