PayPal will pay for bugs found in its system
The idea that “If users find bugs in our system, then we’ll pay them better than they will sell information to hackers”, which Google, Facebook, Samsung, Mozilla have been using for quite some time, and PayPal has also been successful.
PayPal Chief Security Officer Michael Barrett announced that his company is launching a reward program for independent developers who can detect vulnerabilities in the software or payment system architecture.
Competent users (who have a PayPal account, since they will be paid a reward) are advised to inform the company if they discover one of the following vulnerabilities: Cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection ( SQLi), as well as for the description of the possibility to bypass the user authentication mechanism on the system site.
')
There is a nuance - in advance about the size of payments is not said. Each case will be reviewed by the PayPal engineering team and, depending on the severity of the case in question, a specific decision will be made on the amount of remuneration. In this sense, Mozilla acts more honestly - the foundation immediately declares that the developer will receive an amount from $ 500 to $ 3000 for the found bugs in the products; Google does likewise - the search giant pays $ 500 for common vulnerabilities, but Google is willing to pay a larger amount for information on dangerous holes - also $ 3,000.
[ Source ]
PayPal Chief Security Officer Michael Barrett announced that his company is launching a reward program for independent developers who can detect vulnerabilities in the software or payment system architecture.
Competent users (who have a PayPal account, since they will be paid a reward) are advised to inform the company if they discover one of the following vulnerabilities: Cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection ( SQLi), as well as for the description of the possibility to bypass the user authentication mechanism on the system site.
')
There is a nuance - in advance about the size of payments is not said. Each case will be reviewed by the PayPal engineering team and, depending on the severity of the case in question, a specific decision will be made on the amount of remuneration. In this sense, Mozilla acts more honestly - the foundation immediately declares that the developer will receive an amount from $ 500 to $ 3000 for the found bugs in the products; Google does likewise - the search giant pays $ 500 for common vulnerabilities, but Google is willing to pay a larger amount for information on dangerous holes - also $ 3,000.
[ Source ]
Source: https://habr.com/ru/post/146400/
All Articles