Month: September 2020

03 Sep 2020

Facebook to warn third-party developers of vulnerable code

Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.

Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems, in a blog post announcing the change. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”

Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy towards disclosing and revealing security vulnerabilities.

Vulnerability disclosure programs, or VDPs, allow companies to set the rules of engagement for finding and disclosing security bugs. VDPs also help guide the disclosure and publication of vulnerabilities once a bug is fixed. Companies often use a bug bounty to pay hackers who follow the company’s reporting and disclosure rules.

The policy change is not entirely altruistic. Facebook, like many other tech companies, relies on a ton of third-party code and open-source libraries. But by putting the change in writing, it also puts third-party developers on notice if they don’t fix vulnerabilities in a timely fashion.

Casey Ellis, founder and chief technology officer at vulnerability disclosure platform Bugcrowd, said the policy shift was becoming increasingly popular for companies with a “large, user-centric, third-party attack surface,” and echoes similar efforts by Atlassian, Google, and Microsoft.

Facebook said when it finds a vulnerability, it will give third-party developers 21 days to respond to the report and 90 days to fix the issues, a widely accepted timeframe to report and remediate security issues. The company says it will make a reasonable effort to find the right contact for reporting a vulnerability including, but not limited to, emailing security reporting emails, filing bugs without confidential details in bug trackers, or filing support tickets. But the company said it reserves the right to disclose sooner if the vulnerability is actively being exploited by hackers, or delay its disclosure if it’s agreed that more time is needed to fix an issue.

Facebook said it will generally sign a non-disclosure agreement (NDA) specific to the security issues it reports.

Katie Moussouris, founder of Luta Security, told TechCrunch that the “devil will be in the details.”

“The test will be the first time they have to pull the trigger and drop a zero-day — with mitigation guidance — on a competitor,” she said, referring to unpatched vulnerabilities where companies have zero days to patch them.

The new policy is focused specifically on how Facebook handles disclosure of issues in third-party code. If researchers find a security vulnerability on Facebook, or within its family of apps, they will continue to report it through the existing Bug Bounty Program.

As part of the policy change, Facebook said it would also disclose vulnerabilities once they are fixed. In a separate blog post, Facebook, which owns WhatsApp, disclosed six vulnerabilities in the messaging app — since fixed.

03 Sep 2020

Oracle loses $10B JEDI cloud contract appeal yet again

Oracle was never fond of the JEDI cloud contract process, that massive $10 billion, decade-long Department of Defense cloud contract that went to a single vendor. It was forever arguing to anyone who would listen that that process was faulty and favored Amazon.

Yesterday it lost another round in court when the U.S. Court of Appeals rejected the database giant’s argument that the procurement process was flawed because it went to a single vendor. It also didn’t buy that there was a conflict of interest because a former Amazon employee was involved in writing the DoD’s request for proposal criteria.

On the latter point, the court wrote, “The court addressed the question whether the contracting officer had properly assessed the impact of the conflicts on the procurement and found that she had.”

Further, the court found that Oracle’s case didn’t have merit in some cases because it failed to meet certain basic contractual criteria. In other cases, it didn’t find that the DoD violated any specific procurement rules with this bidding process.

This represents the third time the company has tried to appeal the process in some way, four if you include direct executive intervention with the president. In fact, even before the RFP had been released in April 2018, CEO Safra Catz brought complaints to the president that the bid favored Amazon.

In November 2018, the Government Accountability Office (GAO) denied Oracle’s protest that it favored Amazon or any of the other points in their complaint. The following month, the company filed a $10 billion lawsuit in federal court, which was denied last August. Yesterday’s ruling is on the appeal of that decision.

It’s worth noting that for all its complaints that the deal favored Amazon, Microsoft actually won the bid. Even with that determination, the deal remains tied up in litigation as Amazon has filed multiple complaints, alleging that the president interfered with the deal and that they should have won on merit.

As with all things related to this contract, the drama has never stopped.

03 Sep 2020

Twitter and Facebook wrestle with Trump telling Americans to vote twice

President Trump’s recent suggestion that North Carolina voters should cast multiple ballots has run afoul of Twitter’s election integrity rules. In a series of tweets Thursday morning, the president elaborated on previous statements in which he encouraged Americans to vote twice to “check” vote-by-mail systems.

Trump made the initial comments in a local television interview Wednesday. “They will vote and then they are going to have to check their vote by going to the poll and voting that way because if it tabulates then they won’t be able to do that,” Trump said.

“So let them send it in, and let them go vote. And if the system is as good as they say it is, then they obviously won’t be able to vote.”

Twitter added a “public interest notice” to two tweets related to those comments Thursday, citing its rules around civic and election integrity. The tweets violated the rules “specifically for encouraging people to engage in a behavior that could undermine the integrity of their individual vote,” according to Twitter spokesperson Nick Pacilio. Twitter has limited the reach of those tweets and restricted its likes, replies and retweets without comment.

Trump’s latest attack on vote-by-mail also crossed a line for Facebook. The company will remove any video of Trump’s recent voting comments that are shared without context or those that support the president’s statements, though it has yet to identify any so far.

“This video violates our policies prohibiting voter fraud and we will remove it unless it is shared to correct the record,” Facebook Policy Communications Director Andy Stone said.

Facebook added its own fact-checking notice to the same statement that Twitter deemed in violation of that platform’s rules. Now, a label at the bottom of Trump’s Facebook post contradicts the president’s suggestion that Americans try to vote twice to make sure “the mail in system worked properly.”

The fact-checking label, which reads “Voting by mail has a long history of trustworthiness in the US and the same is predicted this year,” is more specific than the generic voting info label the platform attaches to other election-related content.

The president’s comments were his latest attempt to cast doubt on the vote-by-mail systems that the U.S. will rely on in November’s election. In recent months, Trump has made many unfounded or outright false claims criticizing the safety of mail-in voting, a system that the U.S. already relies on for absentee voting. As November gets closer, those claims have voting rights organizations concerned.

“While this is a step in the right direction, the fact remains that Facebook refuses to enforce its own Terms of Use where Donald Trump is concerned,” VoteAmerica Founder Debra Cleaver said.

“Yesterday, Trump outright urged voters in North Carolina to commit voter fraud. This is part of a larger and dangerous pattern of Trump using social media and other platforms to distribute disinformation, with what appears to be the goal of undermining faith in US elections.”

While the COVID-19 crisis means that more Americans than ever will be using mail-in voting to cast a ballot, the voting method is widely regarded as safe and reliable by experts.

In response to Trump’s remarks, North Carolina’s Board of Elections issued a statement clarifying that voting twice is a Class I felony in the state.

“It is illegal to vote twice in an election,” said Karen Brinson Bell, executive director of the North Carolina State Board of Elections.

“… Attempting to vote twice in an election or soliciting someone to do so also is a violation of North Carolina law.”

03 Sep 2020

Rocket Lab secretly launched its very first satellite, ‘First Light’

Rocket Lab’s 14th mission, “I Can’t Believe It’s Not Optical,” had a stowaway aboard. The New Zealand launch company quietly included its first fully functioning satellite next to its paying customer’s payload. First Light, as it’s called, is a sort of tech demo intended to show how access to orbit doesn’t have to be, as CEO and founder Peter Beck put it, “kind of a pain in the butt.”

Rocket Lab has telegraphed this move for some time; the Photon satellite platform was announced early last year, and in March it acquired spacecraft maker Sinclair Interplanetary. It was just a matter of when the company would choose to press the button, and it has now done so.

As Beck explained in a live broadcast today (now that First Light has successfully deployed into orbit), the company felt that “access to space” is, in many ways and despite the inherent risks, a solved problem. The next biggest pain point, he said, is that “it’s just really painful to go from an idea to getting something in orbit.”

It’s cause for celebration, he said, when a project can go from idea to orbit in 18 months. That’s far too slow to keep up with innovation on the ground, especially for startups, who may not have 18 months of runway. “We need to fix that,” Beck said.

Photon and First Light represent Rocket Lab’s new business proposition of providing a flexible platform for a modern satellite, and one that fits hand-in-glove with its Electron launch vehicle and other services. Acting as a partner throughout the process rather than just the launch provider is of course more work and money for Rocket Lab, and if things go well it could be much faster and cheaper for the customer as well.

There will be other, new versions of Photon as well as cislunar and interplanetary space become targets for Electron launches. Rocket Lab is already signed on for a lunar mission, NASA’s experimental CAPSTONE craft, which will be based on Photon and help clear the way for later Artemis missions.

03 Sep 2020

SpaceX completes another successful short test flight of its Starship spacecraft prototype

SpaceX has done it again – a second ‘hop’ flight in under a month for its Starship prototype. This was a 150 meter (just under 500 foot) test flight from its Boca Chica, Texas development site. The prototype used in this instance was SN6, a more recent model than the SN5 test article that SpaceX used to complete a similar test at the beginning of August.

The hop flight is a key part of its testing program for Starship, and its Raptor engine. These prototypes are equipped with only one such engine, but the final production version will have six, including three designed to fly in Earth’s atmosphere, and three to be used while the vehicle is in space.

SpaceX accomplishing two of these flights with a controlled, upright landing in rapid succession is a very good sign for the spacecraft’s development program, since there have been a number of previous prototypes which never made it to this point. Earlier versions encountered pressurization failures under load when simulating what the conditions would be with fuel on board.

These short hops help SpaceX gather data about Raptor performance, as well as the performance of a full-sized prototype Starship (though without elements including the nosecone and eventual landing legs). All of this will inform later tests, including a much higher sub-orbital atmospheric flight intended to go about as high as commercial airplanes fly, and eventually, the first orbital Starship launch, which is currently likely to take place next year at the earliest.

SpaceX is pursuing a rapid iteration development plan for Starship, creating multiple generations of prototype at once at its Boca Chica site, with the aim of testing and improving the design quickly, while also learning from failures. The goal had been to fly Starship’s first operational missions sometime next year, but it will be incredibly impressive if the company manages that considering where they’re at in the rocket’s development cycle.

03 Sep 2020

Media Roundup: Patreon joins unicorn club, Facebook could ban news in Australia, more

Welcome to the very first edition of Extra Crunch’s Media Roundup. Over the past few months, we’ve launched features like Decrypted, Deep Science and The Exchange, which aggregate and analyze the latest news in a given sector, so it seemed overdue to do something similar for media.

The goal is to provide a regular update on what entrepreneurs in the content or advertising business should be thinking about. That doesn’t just mean startup funding — we’ll track the broader landscape, including platform policies that could affect everyone — which is just as important as knowing who’s getting checks.

If you have any thoughts on what you’d like to see included in future roundups, please let me know in the comments below.

Let’s get started.

Facebook may ban news sharing in Australia

This is part of an ongoing dispute between Facebook and the Australian government, which has created a plan that would require Facebook and Google to share revenue with Australian news publishers whose content appears on their services. Both companies have a complicated relationship with the news business, with many publishers both relying on large platforms for traffic while also resenting the fact that those platforms take the vast majority of digital ad revenue.

In an attempt to improve that relationship, Google and Facebook have committed in recent years to investing hundreds of millions of dollars in journalism — and while those efforts are commendable, it’s worth asking whether publishers should be entitled to more by law, not just as a gift.

03 Sep 2020

Exhibitors at Disrupt 2020: Register now to meet accelerators next week

Disrupt 2020 is all about helping startups find and create ways to drive their business forward in these most challenging times. We partnered with cela to give exhibitors in Digital Startup Alley one sweet opportunity — networking with 13 accelerators.

If you’re exhibiting — or plan to — don’t miss out on your chance to meet with up to 13 accelerators and pre-interview for their upcoming virtual cohorts. The first in our series of accelerator sessions — where you’ll gather information and pitch your product — takes place next week. Here’s everything you need to know.

Date: September 8

Time: 1 p.m. – 3 p.m. (PT)

Accelerator focus: The following four accelerator programs are designed for the more established startups. You have a customer base. If that describes your startup, review the accelerator websites below. If you’re interested in scheduling a meeting — and you meet the program’s requirements — you can register now on CrunchMatch.

Participating accelerators

  • NUMA helps early- and growth-stage international tech startups fast-track their growth and scale in the U.S. through virtual and in-person startup acceleration programs. You’ll find application requirements here.
  • Techstars helps grow entrepreneurial ideas into world-changing businesses. You’ll find application requirements here.
  • Entrepreneurs Roundtable Accelerator combines seed capital and hands-on help with an expert team to positively impact the trajectory of early-stage startups. You’ll find application requirements here.
  • Plug and Play’s health vertical connects the best startups in the world to corporations who want to disrupt the healthcare industry. You’ll find application requirements here.

It’s not too late to take advantage of our accelerator speed networking sessions and reap the benefits that come with exposing your startup to thousands of Disrupt attendees from around the world. Simply purchase a Digital Startup Alley Exhibitor Package, and you’re eligible to meet and potentially pitch your way into an accelerator cohort that could change the trajectory of your business.

None of the above-mentioned accelerators fit your startup? Don’t worry, we have two more accelerator sessions on tap.

Date: September 9

Time: 1 p.m. – 3 p.m. PT

Accelerators: She Gets Sh!t Done, Halo Incubator, Startup Boost Pre-Accelerator, Global Startup Ecosystem (Her Future Summit)

Date: September 10

Time: 1 p.m. – 3 p.m. PT

Accelerators: Plug and Play (IoT), Backstage Capital, Plug and Play (enterprise tech), StartEd Accelerator, Quake Capital

Don’t miss your chance to connect with accelerators — and apply to their virtual programs. The first opportunity takes place on September 8, and it’s available only to startups exhibiting in Startup Alley at Disrupt 2020. Want in? Grab a Digital Startup Alley Exhibitor Package today and crack open a giant can of possibility.

Is your company interested in sponsoring or exhibiting at Disrupt 2020? Contact our sponsorship sales team by filling out this form.

03 Sep 2020

Apple won’t force developers to let users opt out of tracking until next year

At its global developer conference in June, Apple said its forthcoming iOS 14 update would allow users to opt out of in-app ad tracking, a privacy feature that quickly drew ire from advertising giants over fears that it would make it harder to deliver targeted ads to users.

But now Apple is delaying enforcing the feature until “early next year”, the company confirmed.

iOS 14, expected out later this year, will contain a new prompt that asks users whether they would like to opt into this kind of targeted ad tracking. Developers will be able to integrate this prompt into their apps as soon as iOS 14 is released, but they will not be required to, as Apple indicated they would earlier.

In a statement, Apple said:

We believe technology should protect users’ fundamental right to privacy, and that means giving users tools to understand which apps and websites may be sharing their data with other companies for advertising or advertising measurement purposes, as well as the tools to revoke permission for this tracking. When enabled, a system prompt will give users the ability to allow or reject that tracking on an app-by-app basis. We want to give developers the time they need to make the necessary changes, and as a result, the requirement to use this tracking permission will go into effect early next year.

Although Apple cites the necessity of giving developers time, major advertising companies like Facebook have warned that the change could severely impact their operations. “Apple’s updates may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS 14,” the company said in a statement last week.

Putting these lucrative partnerships in jeopardy could hit Apple’s bottom line as well and may even affect whether some apps or services are available at all.

The exact date when the policy would be enforced, and other details of this compromise, will be announced later.

03 Sep 2020

Explore micromobility’s next opportunities at TC Sessions: Mobility

Micromobility, like many other industries, has faced a lot of uncertainty this year. Many shared electric scooter operators paused their services in the earlier days of the COVID-19 pandemic, but resumed operations after putting some safety measures into place. Meanwhile, some industry analysts have pointed to micromobility as a savior for cities where public transit is suffering as a result of low ridership.

Although there have been many layoffs and consolidation across the market, micromobility as a technological tool may be poised to come out of this year stronger than before. And despite the over-saturation of companies in the micromobility market, there are still opportunities for new players.

That’s what we’ll be exploring at TC Sessions: Mobility with Tortoise Co-founder Dmitry Shevelenko, Elemental Excelerator Director of Innovation, Mobility Danielle Harris and Superpedestrian VP of Strategy and Policy Avra van der Zee.

Tortoise Co-founder and President Dmitry Shevelenko 

Given the volume of micromobility operators in the space today, Tortoise aims to make it easier for these companies to more strategically deploy their respective vehicles and reposition them when needed. Using autonomous technology in tandem with remote human intervention, Tortoise’s software enables operators to remotely relocate their scooters and bikes to places where riders need them, or, where operators need them to be recharged.

On an empty sidewalk, Tortoise may employ autonomous technologies, while it may rely on humans to remotely control the vehicle on a highly trafficked city block. Shevelenko will walk us through his company’s approach to building an operating system for micromobility providers.

Elemental Excelerator Director of Innovation, Mobility Danielle Harris

Given the challenges the COVID-19 pandemic has created in cities, there is room for electric bikes and scooters to provide alternative transportation options to cities. Additionally, there is growing interest in charging stations as well as the direct-to-consumer market, as society still grapples with ways to live among a deadly virus.

Harris, who used to work as an innovation strategist for San Francisco’s Municipal Transportation Agency’s Office of Innovation, has a plethora of knowledge about how startups can best work with cities and provide them with relevant and effective mobility solutions.

Superpedestrian VP of Strategy and Policy Avra van der Zee

Superpedestrian first came on the scene with its vehicle diagnostics platform for shared electric scooters. This year, the company launched its own electric scooter provider, LINK, in partnership with Zagster. Avra van der Zee, who came on board to Superpedestrian after working at JUMP, is tasked with ensuring Superpedestrian continues to work well with cities in providing them micromobility services that fit their needs.

At TC Sessions: Mobility, you’ll hear from these experts about what’s next in micromobility.

Get your tickets for TC Sessions: Mobility to hear from these thought-leaders along with several other fantastic speakers from Waymo, Lyft, Nuro and more. Tickets are just $145 until September 4 at 11:59 p.m. PDT, with discounts for groups, students and exhibiting startups. We hope to see you there!