In context: Slack has fixed a “critical” vulnerability in its desktop app that could have posed a significant threat for users of the messaging service. A security researcher identified the bug, posted it through a bug bounty platform, and was compensated for his efforts. But members of the security community are arguing that the fee paid by Slack wasn’t nearly enough.

In the current age of remote working, more people are relying on team collaboration tools, and Slack is one of the top services in the category. A security vulnerability in the service’s desktop app, which is now fixed, could have caused major problems. In the wrong hands, the exploit would have allowed remote code execution, making it possible for a hacker to access passwords, files, and the internal network.

What’s more, it was possible to make the attack “wormable,” allowing it to be passed on from one account to a whole group of users, thereby compromising an entire Slack team. It’s clear that a huge amount of sensitive information could have been maliciously captured using the security exploit.

The vulnerability wasn’t identified by Slack’s security team, however. An independent security researcher notified Slack via bug bounty platform HackerOne earlier this year. For his efforts, the researcher was awarded a fee of $1,750. However, as Mashable explains, many members of the security community feel that this wasn’t enough.

A spokesperson for Slack responded to these comments, explaining: “We deeply value the contributions of the security and developer communities, and we will continue to review our payout scale to ensure that we are recognizing their work and creating value for our customers.” The spokesperson added that an initial fix for this exploit was implemented in February.

Slack now does appear to be offering higher payouts for significant exploits such as this — an important move, as a less noble researcher could have sold this “critical” vulnerability to a malicious buyer. Thankfully, that wasn’t the case this time.
