Bug Bounty Bonanza
Written by Sue Gee
Tuesday, 24 October 2017
HackerOne's annual Hack the World Challenge has opened with additional monetary rewards and double points from its sponsors. Google has a new Android App Bug Bounty program on HackerOne and GitHub has doubled the rewards in its Bug Bounty Program.
GitHub's new payout scale now runs from a minimum of $555 to a maximum of $20,000 and, as the announcement explains, is intended to keep the reward structure in line with those of top security bug bounty programs.
Specifically, GitHub states:
This bump to our payouts aligns with Hack the World, an annual hacking competition by HackerOne, which kicked off this morning (October 18th) and runs until November 18th. During this time participants compete against each other to find the most security vulnerabilities across all sites on HackerOne's platform. We're one of the sponsors, which means hackers will be rewarded with twice the reputation points on HackerOne when finding bugs on GitHub over the next month! As an additional incentive, we will also be rewarding all valid submissions with free unlimited private repositories for life. The increased bounty payouts are here to stay, but unlimited private repositories will only be rewarded on reports submitted on or before November 18th!
HackerOne is the vulnerability coordination and bug bounty platform created by security leaders from Facebook, Microsoft and Google. The Internet Bug Bounty program was originally hosted by HackerOne and now it maintains the HackerOne Directory as a community-curated resource for contacting the security teams of many and varied organizations.
The first Hack the World contest was held last year and has been expanded for this second iteration with participation from these sponsors, all of which will be offering double points for any valid vulnerabilities found during the Hack the World 2017 period.
It is UBER that is offering the highest prize during the contest, with a $20K bonus for "the most impactful bug of the competition"; double the minimum bounty ($1K instead of $500) for valid reports from the first 20 new researchers who have never previously submitted to UBER; and a $5K bonus for the top two hackers of Hack the World, even if they didn't submit to UBER's program. Coinbase will reward the top three most impactful bugs with an additional $10,000, $7,500 and $5,000, while Mapbox is offering a double bounty for the top report during the competition and a $1000 bonus to honorable mentions. Other prizes from sponsors may be announced throughout the competition, and private programs that are participating will directly message hackers regarding their participation.
Although it isn't participating in Hack the World, Google is setting up the Google Play Security Reward Program in partnership with HackerOne. This new program promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. These are Google's own apps and others from third parties including Tinder, Duolingo, Dropbox, Snapchat, and Headspace. The thirteen apps currently participating were selected based on their popularity among Android users.
The program essentially means that developers can expect a bonus reward on top of what they would already receive and this should attract more participants to the HackerOne platform.
Announcing the new Google Program, the HackerOne blog points out:
HackerOne’s customers have already resolved over 55,000 valid security vulnerabilities with help from the hacker community. With your help, we will resolve even more vulnerabilities and make Android the safest computing platform in the world for the more than 2 billion active devices.
Last Updated (Tuesday, 24 October 2017)