Bug bounty-hunter reward program Hackerone offers the usual cash fees for hackers who can successfully point out a bug, but it comes from an unlikely source: a coalition of rival companies Microsoft, Facebook, and Google.
All three firms fund the rewards, which range from $300 to $5,000, depending on the “size” of the security hole the hackers find. The actual amounts will be determined by a panel of employees from all three companies and may actually be higher than the $5,000 limit if the security breach discovered is meaningful enough. Anyone, anywhere (except for U.S. trade-restricted nations like Iran), even children are welcome to enter the hunt, which Hackerone suggests could cover bugs in web infrastructure technologies as well as other software.
The companies also run their own bug-spotting programs. Microsoft recently revealed a serious bug affecting its Office software (it has been patched) and paid $100,000 to a British hacker who found a bug in Windows 8.1. Google, meanwhile, has expanded its own bug reward program to cover open-source software.KE