PayPal Bounty Program Kicks Off

BOUNTY HUNTERS: PayPal is offering sweeter deals!!

PayPal Chief Information Security Officer Michael Barrett said on the PayPal Blog:

Today I’m pleased to announce that we have updated our original bug reporting process into a paid “bug bounty” program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive. I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong – it’s clearly an effective way to increase researchers’ attention on Internet-based services and therefore find more potential issues.

The bug reporting program has many different steps:

  1. Bug reports are submitted by researchers.
  2. The report is then categorized by the following criteria: A. Cross-site scripting (XSS), B. Cross-site request forgery (CSRF), C. SQL injection, D. Authentication bypass.
  3. Severity and priority are determined.
  4. Researcher is paid in their PayPal account.

See more information, if needed, on the PayPal Blog.


About Dr Jay
