BEST OF THE WEB

Microsoft, Facebook back bug bounty program

Bounty hunters are often scorned by people as predators, but a new kind of searcher is sniffing around for a reward – the software bug hunter.

Microsoft Corp. and Facebook are sponsoring a new bug bounty program to give cash to those who hack, find and report vulnerabilities in software that supports the Internet stack. Targets include the PHP, Python and Perl programming languages and the open source Apache frameworks.

Details are on the Web site hackerone.com.

Some of the targets carry explicit rewards: There’s a minimum $5,000 available for finding an Internet-related vulnerability such as the BEAST SSL blockwise chosen-boundary attack. For this reward, a vulnerability has to be widespread across a wide range of products or impact a large number of users, be severe and be novel.

To earn the minimum $1,500 reward, a Python-related bug has to completely compromise the system’s integrity or confidentiality – think of arbitrary code execution.

For some bugs there’s an extra reward for coming up with a patch.

Applicants have to be the first person to file a bug report for a particular vulnerability, the vulnerability has to be confirmed as a valid security issue and the applicant has to have complied with the guidelines. One of those guidelines is to do no harm to data or privacy.

The amount of each bounty payment will be determined by the response team or set by an independent panel.

A 10-person panel of experts including four each from Microsoft and Facebook and one from iSEC Partners will set up the response teams.

More details can be found in this story from Computerworld U.S.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
