On the heels of the iCloud hacks that have violated the privacy of hundreds of celebrities, Twitter has introduced a bug bounty program to fortify its platform’s security. Researchers are set to get a minimum of $140 for reporting vulnerabilities and flaws to the microblogging service.
The program will be initiated through HackerOne, a security organization backed by Facebook and Microsoft and headed by ex-Facebook security professional Alex Rice. Researchers will need to report threats found on Twitter.com, mobile Twitter, ads.twitter, apps.twitter, TweetDeck and its iOS and Android apps through HackerOne. They are required to report before disclosing their findings publicly to prevent malicious elements from capitalizing on them, which is a standard protocol followed by security researchers.
Researchers qualify for bounties for reporting vulnerabilities that cause cross-site request forgery, cross-site scripting, remote code execution or unauthorized access to protected tweets.
The latest move by Twitter underscores the growing acceptance of community, crowdsourced security programs. Yahoo, MailChimp, Coinbase and Square are already using HackerOne to safeguard against threats. Facebook has its own bug bounty program, which pays $500. Yahoo pays $50 while Coinbase’s generous reward comes in at $1000. However, Google was among the first companies to launch a reward program of this kind in 2010, to boost the security of its online properties.
Twitter’s bug timeline reveals that it has been working with HackerOne for the past three months. Its bug bounty program has already helped close 46 bugs, and Twitter has acknowledged the assistance of 44 hackers.