11-07-2013 12:14 PM - edited 11-07-2013 12:19 PM
How do you make the internet safer?
While there's not a single, easy solution, Microsoft and Facebook are hoping their new bug bounty program can be of some assistance, according to PCWorld. Here's how it works: If a security researcher finds and reports a vulnerability in widely used software that could affect a large number of internet users, they'll receive a reward. But for how much?
"The bounty amounts will vary depending on the severity of the reported issues and the software they affect. For example, rewards for finding vulnerabilities in Phabricator will start from $300 and can reach $3,000, but bounties for vulnerabilities in application sandboxes or Internet protocols will start at $5,000 and can be increased significantly at the discretion of the review panel. In the case of some software projects, submitting a patch along with a vulnerability report will double the bounty."
Also, you don't have to be a security researcher to reap the benefits of the program, as long as you comply with the program's disclosure philosophy and guidelines. Click the aforementioned link for the full story.
11-07-2013 12:22 PM
Thanks Yegor for the interesting read!
Yeah, why not, but there is always the possibility that the second side of the IT business (illegal) will pay more to obtain access to a found vulnerability.
BTW, how much is Webroot willing to spend for finding a WSA vulnerability?