Twitter to Pay $140 for Finding Bug
Following security breaches that have shaken confidence in
many online services, Twitter today announced the launch of its bug bounty
program, which will pay security researchers for responsibly reporting threats
through HackerOne, a bug bounty program provider. Twitter will pay a minimum of
$140 per threat reported on Twitter.com, twitter, mobile Twitter, TweetDeck, and
its iOS and Android apps. Twitter actually began working with HackerOne three
months ago according to its bug timeline, but it seems the Apple celebrity
photo hack has catapulted cybersecurity to a new level of mainstream interest,
and Twitter wanted to show that it takes keeping its users safe quite
seriously.
Twitter writes: “To recognize their efforts and the
important role they play in keeping Twitter safe for everyone, we offer a bounty
for reporting certain qualifying security vulnerabilities.” Already the program
has recognized 44 hackers for helping Twitter close 46 bugs.
Some large companies like Facebook run their own bug
bounty programs, but HackerOne offers a plug-and-play solution for companies
that want the benefits of crowdsourced bug hunting without having to fiddle
with administering the program themselves. Others that employ HackerOne include
Yahoo, Square, MailChimp, Slack and Coinbase. HackerOne recently raised $9
million to expand and market its programs. HackerOne was co-founded by Alex
Rice, a former Facebook security team member who saw the social network’s
self-run bug bounty program save the company from tons of threats.
For comparison, Twitter offers a higher minimum reward
than the $50 Yahoo provides or the $100 from Slack, but significantly less than
the $1,000 bounty from Coinbase, $250 from Square, or the $500 Facebook
provides with its in-house program.
Some are calling on Apple to work more closely with
outside security researchers following the celebrity photo iCloud hacks this week.
Instead, yesterday it passed the blame on to users for not choosing more secure
passwords or enabling additional protections. While it does cooperate with
independent experts via VUPEN, some believe a more open program could have
identified some of the tactics used to steal access to the iCloud accounts of stars
like Jennifer Lawrence. Perhaps Twitter’s move will encourage Apple to rethink
how it includes the community in boosting security.