Spotted a Bug on PayPal? Report It to Get Your Share of Their Bounty

A lot of people use PayPal for eBay and for all sorts of other purposes. If you happen to be a security expert and have a knack for finding bugs and vulnerabilities, then you may want to tune in to this announcement.

PayPal has just announced its bug bounty program, which promises monetary rewards to security researchers who report bugs and vulnerabilities they found on the site.

The company joins the ranks of other sites like Google, Mozilla, and Facebook, all of who offer compensation for any reported and verified bugs.

Today I’m pleased to announce that we have updated our original bug reporting process into a paid ‘bug bounty’ program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive.

-- Michael Barrett, PayPal’s Chief Information Security Officer

Here's how the bug bounty program works: once a researcher finds a bug, he or she then reports it to sitesecurity@paypal.com by using the PGP public key that they've made available here. PayPal's security team then looks into the report, their development team takes care of the bug, and then a payment will be issued to the researcher.

While a small handful of other companies have implemented bug bounties, we believe we are the first financial services company to do so. It’s yet another example of the innovation that PayPal is bringing to shake up the industry as the world moves more and more payments online.

-- Michael Barrett, PayPal’s Chief Information Security Officer