PayPal Bounty Program Kicks Off
BOUNTY HUNTERS: PayPal is offering sweeter deals!!
PayPal Chief Information Security Officer Michael Barrett said on the PayPal Blog:
Today I’m pleased to announce that we have updated our original bug reporting process into a paid “bug bounty” program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive. I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong – it’s clearly an effective way to increase researchers’ attention on Internet-based services and therefore find more potential issues.
The bug reporting program has many different steps:
- Bug reports are submitted by researchers.
- The report is then categorized by the following criteria: A. Cross-site scripting (XSS), B. Cross-site request forgery (CSRF), C. SQL injection, D. Authentication bypass.
- Severity and priority are determined.
- The researcher is paid in their PayPal account.
See more information, if needed, on the PayPal Blog.