The Internet Bug Bounty was born of a partnership involving Google, Microsoft and Facebook. The program will offer cash prizes to anyone who is willing to share important vulnerabilities on the web. Depending on the severity of the flaws discovered, the program is offering prizes of between $300 and $5,000. Higher bounties could be considered for vulnerabilities that might pose larger threats to internet users. Participation in the program will only be open to US residents, with the bounty being handled by guardians in the case of researchers who fall below the 12-year-old age bracket. Criteria for judging vulnerabilities include the severity of the threat posed and the uniqueness of the vulnerability. Vulnerabilities having a widespread impact will be considered over those targeting a single website.
A panel of experts drawn from iSEC Partners, Microsoft, Etsy, Facebook and Google will judge the implications of the vulnerabilities. The panel will define the rules of the program, allocate bounties to additional areas of security research and mediate disagreements that may arise.
According to Alex Rice, Facebook Product Security Lead, the idea came up when he, Katie Moussouris from Microsoft and Google's Chris Evans were having drinks. Both Katie and Chris are part of their respective security teams at Microsoft and Google. To make the internet safer, a selection of important applications that support the internet stack has already been compiled for testing. This includes Python, Ruby, Perl and PHP, each with a minimum bounty of $1,500.