
Twitter paid 2.1 crores under its ‘HackerOne’ programme in 2 years

Twitter has recently revealed that it has given away a whopping $3,22,420 (Rs 2.1 crores) to researchers and bug hunters.

Mumbai: Microblogging site Twitter has been going through numerous changes over the past few months and has encountered numerous errors during the process.

However, the effect has been limited to a bare minimum due to its ‘HackerOne’ bug bounty programme, which offered a platform to independent security professionals and bug bounty hunters to spot errors—both major and minor—for some amount of money.

Twitter has recently revealed that it has given away a whopping $3,22,420 (Rs 2.1 crores) to researchers and bug hunters under the programme for identifying numerous bugs and threats on the website.

In a blogpost, Twitter software engineer Arkadiy Tetelman pointed out that security is a top priority for the company. “We are constantly evolving to respond to new threats and attacks against our users and our systems,” he said.

“We also maintain a secure development lifecycle that includes secure development training to everyone that ships code, security review processes, hardened security libraries and robust testing through internal and external services – all to maximize the security we provide to our users,” Tetelman added.

Apart from these measures, the company also engages with the broader infosec community through its bug bounty programme, allowing security researchers to responsibly disclose vulnerabilities to the company so that it can respond and address these issues before they are exploited by others.

“We’ve been running our program on HackerOne since May 2014 and have found the program to be an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to severe.”

The program has received 5,171 submissions from a total of 1,662 researchers and bug hunters, and 20 per cent of the resolved bugs have been publicly disclosed. The average payout for rectifying a bug is approximately $835.

The blog post pointed out that the minimum amount paid out for an error was $140 whereas the highest payout till date was $12,040.

In addition, the blog also mentioned that one lucky researcher had made more than $54,000 for reporting vulnerabilities in 2015. The program also offers a minimum of $15,000 for remote code execution vulnerabilities, but the company is yet to receive such a report.

Tetelman explained that the growth witnessed in terms of vulnerabilities reported and payout amounts clearly indicated a rise in the participation of ethical hackers in the program.

He also cited a number of bugs unveiled through the program, which have made the micro-blogging site safer and more efficient for users.

Lastly, he thanked all the security researchers and bug hunters who have worked hard to report vulnerabilities in Twitter. “If you’re interested in helping keep Twitter safe & secure too then head on over to our bug bounty program, or apply to one of our open security positions!” he said.

( Source : Deccan Chronicle. )