Home page logo

isn logo Information Security News mailing list archives

Now there's a bug bounty program for the whole Internet
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 7 Nov 2013 08:22:52 +0000 (UTC)


By Dan Goodin
Ars Technica
Nov 6 2013

Microsoft and Facebook are sponsoring a new program that pays big cash rewards to whitehat hackers who uncover security bugs threatening the stability of the Internet at large.

The Internet Bug Bounty program, which in some cases will pay $5,000 or more per vulnerability, is sponsored by Microsoft and Facebook. It will be jointly controlled by researchers from those companies along with their counterparts at Google, security firm iSec Partners, and e-commerce website Etsy. To qualify, the bugs must affect software implementations from a variety of companies, potentially result in severely negative consequences for the general public, and manifest themselves across a wide base of users. In addition to rewarding researchers for privately reporting the vulnerabilities, program managers will assist with coordinating disclosure and bug fixes involving large numbers of companies when necessary.

The program was unveiled Wednesday, and it builds off a growing number of similar initiatives. Last month, Google announced rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages. Additionally, Google, Facebook, Microsoft, eBay, Mozilla, and several other software or service providers pay cash in return for private reports of security vulnerabilities that threaten their users.

"We're trying to broaden the scope a little bit and cover a lot of stuff that doesn't have a particular vendor behind it or things that all of us benefit from joining together to tackle," Alex Rice, a security researcher at Facebook, told Ars.


Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/

  By Date           By Thread  

Current thread:
  • Now there's a bug bounty program for the whole Internet InfoSec News (Nov 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]