Twitter is the latest company to start a bug bounty programme in a bid to bolster the security of its products. The bug bounty programme encourages hackers and security researchers to look for bugs in Twitter services and apps and offers them a chance to earn some money. Launched in partnership with HackerOne, a portal that connects freelance web security researchers with companies, the Twitter bug bounty programme offers a minimum of $140 for every valid bug.
“Twitter may provide rewards to eligible reporters of qualifying vulnerabilities. Our minimum reward is $140. There is no maximum reward. Reward amounts may vary depending upon the severity of the vulnerability reported,” Twitter explained on its HackerOne page. While the payment sounds low, in reality hackers and security researchers can make big bucks if they discover critical bugs. Companies like Google and Facebook often pay tens of thousands of dollars to security researchers for discovering critical bugs in their products.
The companies also thank hackers who help them squash bugs with a personal note and mention their names on ‘hall of fame’ web pages. Twitter apparently started working with HackerOne three months ago, but information about the partnership surfaced only recently. According to Twitter’s profile page at HackerOne, freelancers have so far helped the company close 46 bugs.
News of Twitter’s bug bounty programme will make a lot of amateur and professional web security experts in India happy. India has hundreds of bounty hunters who are very active in looking for bugs in websites like Facebook and Google. In fact, the page where Twitter has thanked hackers is already teeming with Indians. Among the 44 hackers the company has thanked in the last three months, at least 10 are from India.
In April this year, Facebook revealed that “India contributed the largest number of valid bugs at 136, with an average reward of $1,353” to the company’s bug bounty programme last year. Facebook paid around $1.5 million to bug hunters in 2013.
Last year, Facebook paid around Rs 8 lakh to a Chennai-based engineering graduate for discovering a bug that allowed anyone to delete a Facebook user’s private photographs.