Twitter paid $322,420 as part of HackerOne Bug Bounty Program


As part of the HackerOne program, Twitter has paid $322,420 (approximately INR 2.1 crore) to security researchers and bug hunters worldwide who examined Twitter's systems and reported vulnerabilities over the last two years.

Commenting on the development, Arkadiy Tetelman, software engineer at Twitter, disclosed that the company maintains a secure development lifecycle that includes secure development training for everyone who ships code, security review processes, hardened security libraries, and robust testing through internal and external services.

Over the last two years, the company has received 5,171 submissions to the program from 1,662 researchers, and 20 percent of resolved bugs were publicly disclosed. The company discloses a bug only after obtaining approval from the researcher concerned.

While the average payout is $835, Twitter pays a minimum of $140 for the discovery of a bug. A researcher who discovers a highly critical bug is eligible for a payout of $12,040.

In 2015, Twitter paid over $54,000 to a single researcher for reporting a wide range of vulnerabilities. The company is offering a minimum of $15,000 for the discovery of remote code execution vulnerabilities.

After the launch of the HackerOne program, the company discovered a cross-site scripting (XSS) vulnerability inside the Crashlytics Android app, which renders part of its content inside a WebView that did not have adequate protection against cross-site scripting attacks.

Twitter has been making use of HackerOne since May 2014. Tetelman further revealed that the program is an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to the severe.
