Microsoft and Facebook Reward For Securing Internet

Microsoft and Facebook are sponsoring a new program that pays big cash rewards to whitehat hackers who uncover security bugs threatening the stability of the Internet at large.
The Internet Bug Bounty program, which in some cases will pay $5,000 or more per vulnerability, is sponsored by Microsoft and Facebook. It will be jointly controlled by researchers from those companies along with their counterparts at Google, security firm iSec Partners, and e-commerce website Etsy. To qualify, the bugs must affect software implementations from a variety of companies, potentially result in severely negative consequences for the general public, and manifest themselves across a wide base of users. In addition to rewarding researchers for privately reporting the vulnerabilities, program managers will assist with coordinating disclosure and bug fixes involving large numbers of companies when necessary.

Rewards designed to improve security of software critical to Internet's health.
The program was unveiled Wednesday, and it builds off a growing number of similar initiatives. Last month, Google announced rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages. Additionally, Google, Facebook, Microsoft, eBay, Mozilla, and several other software or service providers pay cash in return for private reports of security vulnerabilities that threaten their users. "We're trying to broaden the scope a little bit and cover a lot of stuff that doesn't have a particular vendor behind it or things that all of us benefit from joining together to tackle," Alex Rice, a security researcher at Facebook, told Ars.
"We've got a lot of customers in common," Microsoft security researcher Katie Moussouris added. "It makes sense for us to join together and make the Internet safer for everybody."

The program will pay rewards for sandbox escapes that typically manifest as a vulnerability in an OS kernel or an implementation error. It will also pay minimum bounties of $5,000 for significant vulnerabilities that affect the Internet at large.

 Another focus of the program is to help secure widely used open-source software. Titles listed on the website included OpenSSL, Python, Ruby, PHP, Django, Rails, Perl, Phabricator, Nginx, and Apache. Minimums start at $300 for some programs and up to $2,500 for others.

Milan Tomic

Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment


Post a Comment