Now there's a bug bounty program for the whole Internet

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2013/11/now-theres-a-bug-bounty-program-for-the-whole-internet/

By Dan Goodin
Ars Technica
Nov 6 2013

Microsoft and Facebook are sponsoring a new program that pays big cash 
rewards to whitehat hackers who uncover security bugs threatening the 
stability of the Internet at large.

The Internet Bug Bounty program, which in some cases will pay $5,000 or 
more per vulnerability, is sponsored by Microsoft and Facebook. It will be 
jointly controlled by researchers from those companies along with their 
counterparts at Google, security firm iSec Partners, and e-commerce 
website Etsy. To qualify, the bugs must affect software implementations 
from a variety of companies, potentially result in severely negative 
consequences for the general public, and manifest themselves across a wide 
base of users. In addition to rewarding researchers for privately 
reporting the vulnerabilities, program managers will assist with 
coordinating disclosure and bug fixes involving large numbers of companies 
when necessary.

The program was unveiled Wednesday, and it builds off a growing number of 
similar initiatives. Last month, Google announced rewards as high as 
$3,133.70 for software updates that improve the security of OpenSSL, 
OpenSSH, BIND, and several other open-source packages. Additionally, 
Google, Facebook, Microsoft, eBay, Mozilla, and several other software or 
service providers pay cash in return for private reports of security 
vulnerabilities that threaten their users.

"We're trying to broaden the scope a little bit and cover a lot of stuff 
that doesn't have a particular vendor behind it or things that all of us 
benefit from joining together to tackle," Alex Rice, a security researcher 
at Facebook, told Ars.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/