Twitter announced on Wednesday that it would reward security researchers for finding bugs and vulnerabilities with the launch of a new bug bounty program.
The program was launched in partnership with HackerOne, a third-party bug bounty program that will offer rewards starting from $140 and maximum rewards for major bugs. Though Twitter announced the program yesterday, the company had launched the program with HackerOne three months ago, as mentioned by Hacker One.
“Twitter will determine in its discretion whether a reward should be granted and the amount of the reward,” said the HackerOne page.
The HackerOne page also states the 46 bugs that were fixed in Twitter and bugs that were found in Vine. The program will offer cash rewards to researchers who find bugs on the desktop site, iOS or Android apps of the microblogging social network. However, no rewards will be applicable to bugs that are found on Tweetdeck, Vine and many other ad-companies, though bug reporters will be mentioned in the Hall Of Fame. The Hall of Fame celebrity-group also includes companies like Apple, Adobe, Ebay, Evernote, Blackberry and Ebay who only mention the name and do not offer rewards.
Recently, Google awarded a researcher $30,000 though its bug bounty program for finding a flaw in Chrome 37 that could have led to a remote hacking out the Chrome Sandbox. Mozilla launched its bug bounty program in 2004 and has posted a $10,000 bounty for bug hunters in the company’s new verification library. Microsoft is also known to offer a $100,000 bounty when reporting the major flaws.
[ Source ]