Twitter awarded bug bounty hunters more than $300,000 in two years
In an increasingly interconnected world, cybersecurity continues to be a critical issue, with technology behemoths constantly adopting innovative approaches to beef up their security against malicious cyberattacks, bugs and vulnerabilities.
In addition to employing their own team of security experts, many tech companies organize "bug bounties" to boost cybersecurity and offer financial rewards as an incentive to anyone who can find a hole in their digital infrastructure. For Twitter, its bug bounty programme has been "an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to the severe".
Launched in May 2014, Twitter's programme has received 5,171 reports over two years and has paid out a total of $322,420 to researchers, the company revealed in a blog post. A total of 1,662 researchers have received 'bounties' through the programme. The minimum payout anyone has got from the company was $140, while the maximum was $12,040. The average payout through the programme is $835.
In 2015, one bug hunter for Twitter reportedly made over $54,000 for reporting vulnerabilities. According to Twitter, the company typically pays in multiples of 140.
Although the company does offer a minimum of $15,000 to anyone who discovers remote code execution vulnerabilities, it says it hasn't received any such report yet. The company also notes that only 20% of fixed bugs have been publicly disclosed. According to the blog post, Twitter only publicly discloses bugs "after they have been fixed, at the request of the researcher."
The post also lists some of security researchers' biggest bug finds in 2015.
"By having bug bounty programmes, companies make sure the best hackers look at their code," computer scientist Gianluca Stringhini, assistant professor at University College London, told the BBC. "The more eyes look at the programme, the more bugs they find. It's also a way for these companies to identify talent."
Twitter, however, isn't the only big tech company offering incentives to researchers to motivate individuals and groups of white hat hackers to inform them about possible flaws and vulnerabilities in their networks and digital infrastructure.
In January, Google revealed that it paid out more than $6m since the launch of its own bug bounty programme in 2010. In 2015, the company paid more than 300 security researchers over $2m for finding more than 750 bugs.
Facebook said that it received over 2,400 valid submissions since its launch five years ago and has awarded more than $4.3m to more than 800 researchers. The average payout in 2015 was $1,780 per bug.
The social media giant recently awarded $10,000 to a 10-year-old Finnish boy who discovered he could infiltrate Facebook-owned Instagram and force delete users' comments and captions - the youngest hacker to receive a cash reward from Facebook so far.
Uber also launched its own bug bounty programme last month offering $10,000 to anyone who can find a major security flaw within its system.
© Copyright IBTimes 2024. All rights reserved.