PayPal Bounty Program Kicks Off
BOUNTY HUNTERS: PayPal is offering sweeter deals!!
PayPal Chief Information Security Officer Michael Barrett said on the PayPal Blog:
Today I’m pleased to announce that we have updated our original bug reporting process into a paid “bug bounty” program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive. I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong – it’s clearly an effective way to increase researchers’ attention on Internet-based services and therefore find more potential issues.
The bug reporting program has many different steps:
- Bug reports are submitted by researchers.
- The report is then categorized by the following criteria:
  - A. Cross-site scripting (XSS)
  - B. Cross-site request forgery (CSRF)
  - C. SQL injection
  - D. Authentication bypass
- Severity and priority are determined.
- The researcher is paid in their PayPal account.
See more information, if needed, on the PayPal Blog.
Tags: Cross-site request forgery, Cross-site scripting, Facebook, Google, Michael Barrett, PayPal, Samsung, SQL injection