Twitter Takes Out a Bounty on Bugs
Twitter is taking steps to secure its platform: the social network has launched a bug bounty program that will pay security researchers who report qualifying security vulnerabilities.
The program is run through HackerOne and offers a minimum reward of $140 with no maximum reward. According to Twitter, reward amounts will vary depending on the severity of the reported vulnerability. So far, the program has already thanked 44 hackers and closed 46 bugs.
To receive a monetary reward, hackers must be the first to report the vulnerability on a qualifying site or application. Moreover, hackers must not be legally prohibited from being rewarded and may not publicly disclose the vulnerability prior to a resolution. Qualifying vulnerabilities must be design or implementation issues that are reproducible and affect the security of Twitter users, such as cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE), unauthorized access to promoted tweets or unauthorized access to DMs.
“Depending on their impact, not all reported issues may qualify for a monetary reward,” the program announcement states. “However all reports are reviewed on a case-by-case basis and any report that results in a change being made will at a minimum receive Hall of Fame recognition.”