Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening
Games giant Valve is attempting to make nice with the infosec bod who disclosed zero-day exploits for vulnerabilities in Steam after the corporation refused to pay out bug bounties for the flaws.
On Thursday, Valve said it would patch both of the holes discovered by bug-hunter Vasily Kravets, and will consider reinstating Kravets into the biz's bug bounty program, run by HackerOne. "We have released updates to the Steam Client public beta channel to address these issues, and we have already pushed some initial fixes to all users," the US corp told us.
This comes after Kravets dropped the second of two zero-day elevation-of-privilege vulnerabilities in the Steam client software. Both would have potentially allowed an attacker to inject malicious code into the application, which, depending on the games ..
Support the originator by clicking the read the rest link below.
