Two of technology’s titans have teamed up in hopes of finding and correcting security issues on the internet. Microsoft and Facebook have formed HackerOne, which will reward hunters and researchers for turning in bugs in OpenSSL, Apache, PHP, Perl, and so on.
The bounties run from $300 to $5,000 and are based on the severity of the issue and what kind of threat it would pose. To judge the submitted reports, Microsoft and Facebook have brought together a panel of volunteers from their respective companies as well as competitor Google. There are also rules for the reporting and disclosure of security issues.
The trio of Microsoft, Facebook, and Google regularly compete online in various areas, and that healthy competition could be hindered by security issues that cause severe vulnerabilities.
Speaking with Reuters, Alex Rice, the head of Facebook’s product security, commented on the cooperation among the companies: “Even if we are fierce competitors the security teams don’t have to be competitors.”
Microsoft and Facebook have their own bug bounty programs related to their own services and products and give monetary rewards based on similar criteria of bug severity and the specific vulnerability. So far Microsoft has paid close to $130,000—the bulk of that being related to flaws with Windows 8.1.
Facebook was recently accused of ignoring two warnings of a security flaw from researcher Khalil Shreateh, who eventually posted the details on Mark Zuckerberg’s wall. As a result of the actions Khalil took, Facebook dropped the bounty.
Khalil would’ve received $500 from Facebook, but is getting more via a GoFundMe campaign that has reached over $13,000 so far.