Microsoft and Facebook have launched a new bug bounty program to the attention of security experts. For each "massive and critical" flaw identified on various web products and languages, they will receive a reward ranging from several hundred to several thousand dollars.
This new "bounty program" is primarily aimed at computer security experts who can highlight vulnerabilities that may impend on the development of web tools and applications.
It comes with several conditions:
- A critical flaw involving a large number of users,
- A bug affecting several editors,
- A bug affecting a publisher with a dominant position.
The reward threshold varies depending on the size and type of flaw detected.
Facebook and Microsoft challenge the "white hat hackers
" to find flaws affecting programs, languages, security mechanisms and tools: Sandbox, OpenSSL, Python, Ruby, PHP, Rails, Perl , Phabricator, Nginx , or Apache httpd.
Note that: security experts outside the United States are allowed to participate in Hackerone ( with the exception of some countries) and must register via this online form
Learn more: https://www.hackerone.com/internet-bug-bounty
Illustration Microsoft/Facebook - Hackerone
Original document published on CommentcaMarche.net