WOW.. Twitter Has Paid Out $322,420 in Its 'HackerOne' Bug Bounty Programme

Micro-blogging website Twitter has paid $322,420 (roughly Rs. 2.1 crores) to researchers and bug hunters who, under its "HackerOne" bug bounty programme, have disclosed vulnerabilities in the last two years.

"We maintain a secure development lifecycle that includes secure development training to everyone that ships code, security review processes, hardened security libraries and robust testing through internal and external services - all to maximise the protection we provide to our users," Arkadiy Tetelman, software engineer at Twitter, said in a blog post on Friday.
On top of these measures, the company also engages the broader information security community through its bug bounty program, allowing security researchers to responsibly disclose vulnerabilities to the company so that it can respond to and address these issues before they are exploited by others.
The company has been using "HackerOne" since May 2014 and has found the program to be a useful resource for finding and fixing security vulnerabilities ranging from the mundane to the severe, Tetelman added.
He noted that in two years, the company has received 5,171 submissions to the program from 1,662 researchers, and 20 percent of resolved bugs have been publicly disclosed (at the request of the researcher).
"We have paid out a total of $322,420 (USD) to researchers. Our average payout is $835. Our minimum payout is $140 and our highest payout to date was $12,040 (our payouts are always a multiple of 140)," Tetelman noted.

In 2015 alone, a single researcher made over $54,000 (roughly Rs. 36 lakhs) for reporting vulnerabilities, the software engineer said.
"We also offer a minimum of $15,000 (roughly Rs. 10 lakhs) for remote code execution vulnerabilities, but we have yet to receive such a report," he added.
Tetelman mentioned some notable bugs uncovered through the program, including XSS inside the Crashlytics Android app, which renders part of its content inside a webview that did not have sufficient protection against cross-site scripting attacks.
He also mentioned "IDOR allowing credit card deletion" -- a simple insecure direct object reference bug on the credit card deletion endpoint allowed an attacker to delete, but not view, credit cards not belonging to them.
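
The delete-but-not-view asymmetry described above arises when the read path checks ownership and the delete path does not. The following is an added illustration, not code from Twitter or from the blog post; the in-memory store, card ids, user names and function names are all hypothetical.

```python
class CardStore:
    """Constructed in-memory model of stored cards (hypothetical data)."""

    def __init__(self):
        # card_id -> owning user; every id and name here is made up
        self.cards = {101: "alice", 102: "bob"}

    def view(self, user, card_id):
        # Read path compares the owner with the authenticated user.
        if self.cards.get(card_id) != user:
            raise PermissionError("not your card")
        return {"id": card_id, "owner": user}

    def delete_vulnerable(self, user, card_id):
        # IDOR: acts on the client-supplied id and never looks at `user`.
        return self.cards.pop(card_id, None) is not None

    def delete_hardened(self, user, card_id):
        # Same ownership check as the read path. A foreign id and a missing
        # id give the same answer, so the caller learns nothing about
        # which ids exist.
        if self.cards.get(card_id) != user:
            return False
        del self.cards[card_id]
        return True


def demo():
    """Run both delete paths as user 'alice' against bob's card (102)."""
    results = {}
    store = CardStore()
    try:
        store.view("alice", 102)
        results["view_foreign"] = True
    except PermissionError:
        results["view_foreign"] = False
    results["vulnerable_delete_foreign"] = store.delete_vulnerable("alice", 102)

    store = CardStore()  # fresh state for the hardened path
    results["hardened_delete_foreign"] = store.delete_hardened("alice", 102)
    results["bob_card_survives"] = 102 in store.cards
    results["hardened_delete_own"] = store.delete_hardened("alice", 101)
    return results


if __name__ == "__main__":
    print(demo())
```
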
"If you're interested in helping keep Twitter safe and secure too then head on over to our bug bounty program, or apply to one of our open security positions!" he said.
