ADVERTISEMENT

SUPEREGO

Spotted a Bug on PayPal? Report It to Get Your Share of Their Bounty

Gallery Icon

bill-swift - June 28, 2012

A lot of people use PayPal for eBay and for all sorts of other purposes. If you happen to be a security expert and have a knack for finding bugs and vulnerabilities, then you may want to tune in to this announcement.

PayPal has just announced its bug bounty program, which promises monetary rewards to security researchers who report bugs and vulnerabilities they found on the site.

The company joins the ranks of other sites like Google, Mozilla, and Facebook, all of who offer compensation for any reported and verified bugs.

Today I'm pleased to announce that we have updated our original bug reporting process into a paid ‘bug bounty' program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive.

-- Michael Barrett, PayPal's Chief Information Security Officer

Here's how the bug bounty program works: once a researcher finds a bug, he or she then reports it to sitesecurity@paypal.com by using the PGP public key that they've made available here. PayPal's security team then looks into the report, their development team takes care of the bug, and then a payment will be issued to the researcher.

While a small handful of other companies have implemented bug bounties, we believe we are the first financial services company to do so. It's yet another example of the innovation that PayPal is bringing to shake up the industry as the world moves more and more payments online.

-- Michael Barrett, PayPal's Chief Information Security Officer

Tagged in: gear ,



Comments
Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on egotastic.com unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@)egotastic.com and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.



>