PayPal sets up bug bounty program
Posted on 22 June 2012.
Joining the likes of Google, Facebook, Mozilla and others, PayPal has announced that it will be offering money for information about security bugs that affect their site (www.paypal.com).

"I have the privilege of leading a world renowned security team but we realize that no company can do it all alone," PayPal's CISO Michael Barrett wrote in a blog post. "To that end, we were one of the first companies to implement a bug reporting process for outside security researchers."

"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong Ė itís clearly an effective way to increase researchers attention on Internet-based services and therefore find more potential issues," he concluded.

PayPal is searching for reports on XSS (cross site scripting), CSRF (cross site request forgery), SQL injection and authentication bypass vulnerabilities, but hasn't yet specified the bounty amount that the researchers can expect for their disclosures.

In order to be eligible for the bounty, they are bound to share the security issue with PayPal before making it public, provide full details of the security issue, and allow the company reasonable time to respond to the issue before disclosing it publicly.

PayPal also says that if a disclosure respects all the guidelines they outlined, they "will not bring a private action or refer a matter for public inquiry."






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //