Java Runtime Security
Java runtime security is just as important as any other security issue, but as a user of Play Digital Signage, you have nothing to worry about.
This is in connection with the recent global IT crisis related to Log4j. The vulnerability is in a popular logging library, where an attacker is able to execute code remotely by getting a specific string logged. Play Digital Signage has never used the Java runtime, and hence we have never used Log4j. Our users have never been subjected to the recent Log4j remote code execution exploit. Rest assured that our security team will continue to monitor the situation. With this said, we would like to take the chance to explain how a bug bounty program works here at Play Digital Signage.
As with any type of software, security is an important, top-priority issue for developers around the world.
With digital signage, however, the consequences can be even greater, and there are real-world examples to prove it. Bug bounty programs utilize freelance penetration testers who try to find exploits in our software. The security experts try different combinations of attacks, such as cross-site scripting, request forgery, or SQL injection exploits. Should they find an attack vector, they contact us and we evaluate the severity of the exploit. The reward paid out to the security researcher depends on how applicable the vulnerability is. At the time of writing, our software has been checked by more than 5 different, independent researchers, and we have paid out rewards to them, though for nothing extremely critical. We value good work and the importance of patching security flaws, so keeping pen-testers motivated is essential. If you are a freelance security researcher and are interested in joining our bug bounty program, please refer to this page for more information.