GitLab released the findings of its bug bounty program that became public two years ago. According to the company, it ranked number six on HackerOne’s 2020 Top Ten Public Bug Bounties program list.
GitLab made a number of improvements this year, including reducing the time it took for the bounty to be paid out from 90 to 45 days and starting a new researcher-focused blog series called Ask a Hacker.
The company resolved 259 reports and made 131 of those reports public out of the 1,070 reports that it received this year.
Additional 2020 findings on the platform are available here.
Google/Alphabet employees try to unionize
The Alphabet Workers Union was formed to ensure that working conditions are “inclusive and fair” and to “ensure Alphabet acts ethically and in the best interests of society and the environment,” the new union wrote in its mission statement.
In a move that is atypical of Silicon Valley workers, the Alphabet workers who are members of the union also aim to set a precedent for the tech industry outside of the scope of the company.
“The struggle between workers and bosses has been a constant feature at Alphabet, and so has the presence of worker organizing as a tool for change,” the union wrote on its website.
Recent examples of worker-led actions at the company included a petition for the company to stop selling technology to police departments in 2020, and for the company to stop providing infrastructure to US government agencies responsible for separating children from parents and harming asylum seekers in 2019.
Additional details are available here.
Apache weekly update
Last week at Apache saw the release of Apache ShardingSphere ElasticJob 3.0.0-RC1, which simplifies the injection of OneOffJob when using Spring Boot Starter and adds the ability to refactor job tracing configurations.
Other releases included SkyWalking Python v0.5.0, Accumulo 1.10.1 and 2.0.1, and Ignite 2.9.1.
Apache also identified CVE-2020-17533, an error in the sorted, distributed key/value store Accumulo that relates to the improper handling of insufficient permissions.
The full list of details on the new releases is available here.