Microsoft and Facebook to back HackerOne internet bug bounties

Summary: The hackers will receive several thousand dollars for fixing security issues in PHP, Perl, OpenSSL, Rails, nginx, Apache httpd, Python, Ruby, and the internet in general.

TOPICS: Security, Microsoft

HackerOne, a volunteer security organisation, has picked up the backing of software powerhouses Microsoft and Facebook to conduct a program of bug bounties. Or, as the program's internet page says, "Simply put: Hack all the things, send us the good stuff, and we'll do our best to reward you."

The program rewards users for finding security issues in a selection of software that powers the internet; if the hacker submits a patch for the issue, the reward can be increased. The full list of technologies qualifying for bounties is: PHP, Perl, OpenSSL, Rails, nginx, Apache httpd, Python, Ruby, Django, and Phabricator.

Two special categories exist that are not tied to one specific technology. The first is being able to break out of sandbox enclosures found in Chrome, Internet Explorer 10 EPM, Adobe Reader, and Adobe Flash. The second general category is simply entitled "The internet". To qualify for a bounty, the vulnerability should be widespread, novel, vendor agnostic, and severe.

Monetary rewards for the general categories start at $5,000, while minimum payments for the technology-focused bounties range from $2,500 for OpenSSL to as low as $300 for Phabricator.

HackerOne says in its FAQ that neither itself nor members of any vulnerability judging panel receive any portion of Microsoft and Facebook's funding, and that funding does not give sponsors any special access or rights to bug data.

Google has been running its own bounty program for security vulnerabilities for a number of years now, and recently announced that it had paid out over $2 million to hackers over the lifetime of its Chromium and Google Web Vulnerability Reward Programs.

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Talkback

1 comment
  • the highest bidder

    Bet, some of those vulnerabilities are worth much more than $5000 to malicious types.
    danbi