PayPal sets up bug bounty program
Posted on 22 June 2012.
Joining the likes of Google, Facebook, Mozilla and others, PayPal has announced that it will be offering money for information about security bugs that affect their site (www.paypal.com).

"I have the privilege of leading a world renowned security team but we realize that no company can do it all alone," PayPal's CISO Michael Barrett wrote in a blog post. "To that end, we were one of the first companies to implement a bug reporting process for outside security researchers."

"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong its clearly an effective way to increase researchers attention on Internet-based services and therefore find more potential issues," he concluded.

PayPal is searching for reports on XSS (cross site scripting), CSRF (cross site request forgery), SQL injection and authentication bypass vulnerabilities, but hasn't yet specified the bounty amount that the researchers can expect for their disclosures.

In order to be eligible for the bounty, they are bound to share the security issue with PayPal before making it public, provide full details of the security issue, and allow the company reasonable time to respond to the issue before disclosing it publicly.

PayPal also says that if a disclosure respects all the guidelines they outlined, they "will not bring a private action or refer a matter for public inquiry."






Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Dec 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //