Netgear unveils world's easiest bug bounty

Netgear has broken ranks from the consumer router security shame factory to offer a bug bounty sporting extra rewards for chained exploits. Hoping to shake the SOHOpeless tag, the vendor will hand out up to US$15,000 for hackers reporting global remote unauthorised access from the internet to Netgear devices, and unauthorised …

  1. Anonymous Coward
    FAIL

    Doesn't address the issue

    It's a limited product list that doesn't address the issue of Netgear rebranded goods being the main routers for thousands of households.

    1. A Non e-mouse Silver badge

      Re: Doesn't address the issue

      True, but it's a start. I think most companies start off their bug bounty programs with very limited scope. As the company gets the hang of the process, they slowly expand the products & services covered by the bug bounty.

    2. EnviableOne Silver badge

      Re: Doesn't address the issue

      Why would Netgear pay for bugs in someone else's code?

      Re-branded goods might have their name on it, but they have no control over fixing any bugs found.

      And the main router for most homes is decided by their ISP, and increasingly that's not Netgear.

      1. tiggity Silver badge

        Re: Doesn't address the issue

        I got an ISP-provided router - it's still in its full packaging, unopened in a cupboard. Best place for it - its only value is as an emergency spare router to be used as short a time as possible if proper router dies.

        1. Anonymous Coward

          Re: Doesn't address the issue

          Which ISP?

          The SKY modem menus look very similar to a Netgear router I once owned.

    3. paulf
      Unhappy

      Re: Doesn't address the issue

      I would have thought the main issue wasn't so much getting bug reports filed as actually fixing them and pushing out an updated firmware image with those verified fixes? Netgear might be upping their game (finally!) on bug bounties but they've proved poor in the whole area of fixing bugs with updated firmware, and even when they do products get EOLd soon after release because the fixes only get applied to the vn+1 HW they've just released. [This happened with my router - loads of ADSL bugs which were never fixed in an official firmware release because they put all the bug fixes in a v2 HW release instead. I only got some of the fixes because I switched to an Engineering beta firmware after pestering their Support].

      On the issue of rebranding - if it says Netgear on the front they need to understand they're going to take the flak for it whether it's their Hardware/Firmware or not, so yes, rebranded items should be included.

      Oh and FTA: "They will score half that if they can steal only one user's payment information or the majority of Netgear's customer database including logins and products owned."

      So if someone hacks their main customer database but only makes off with the majority of it they only get five grand? I can't help thinking it would be worth more than that to a competitor?

  2. wyatt

    So, find multiple bugs and report 3 at a time to maximise return. Sounds good!

  3. S4qFBxkFFg
    FAIL

    I have very faint hopes of any improvement to Netgear's kit raising it to the level of "OK".

    Example: I bought a wifi booster (this one) recently. Two ways of setting the thing up: WPS (which my router doesn't have), or putting my email and a password into a browser interface. The second would not have been so bad (still a bit wtf though) except that the thing complained the email I gave it (which El Reg, Google, Amazon, Facebook, etc. are perfectly fine with) was an invalid email address.

    If a company making network kit can't handle a slightly unconventional email address, the chances are their code inside the device is full of similar horrors - it's certainly the last product I'll buy from them.

    1. Anonymous Coward

      Internal email

      I got round it by setting an internal email address, however you could try

      postmaster@netgear.com

  4. Brian Miller

    But you have to buy their products...

    I moved away from Netgear over a decade ago! I'd have to buy their products to go after this bounty program, and I don't want to! (Yes, I could hack my neighbor's WiFi, but that's supposed to be a no-no.)

    1. Adrian 4 Silver badge

      Re: But you have to buy their products...

      I just like those blue metal boxes.

      So much more beautiful than the silver and black plastic everyone else uses.
