Twitter paid $322,420 as part of HackerOne Bug Bounty Program

As part of the HackerOne program, Twitter had paid $322,420 (approximately INR 2.1 crore) to researchers and bug hunters worldwide. These people critically diagnosed the Twitter system and reported vulnerabilities in the last two years.

Commenting on the development, Arkadiy Tetelman, software engineer at Twitter disclosed that the company maintain a secure development lifecycle that includes secure development training to everyone that ships code, security review processes, hardened security libraries and robust testing through internal and external services

Over the last two years, the company has received 5,171 submissions to the program from 1,662 researchers and 20 percent of resolved bugs were publicly disclosed. However, the company will disclose the bugs only after getting approval from the concened researcher.

While the average payout is $835, Twitter pays a minimum of $140 for discovery of a bug. If the researcher discovers a highly critical bug then he/she will be eligible for a high payout of $12,040.

In 2015, Twitter paid over $54000 to a single researcher for reporting wide range of vulnerabilities. The company is offering a minimum of $15000 for the discovery of remote code execution vulnerabilities.

After the launch of “HackerOne” program, th company discovered XSS inside Crashlytics Android app that renders part of its content inside a webview, which did not have adequate protection against cross site scripting attacks.

Twitter has been making use of “HackerOne” since May 2014. Tetelman further revealed that the program is an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to severe.

DONT MISS  HTC U Ultra Gets Better With July Security Update In USA

Anand Narayanaswamy is the editor-in-chief of Netans. He was recognized as a Microsoft Most Valuable Professional (MVP) for 9 years (2002 to 2011) and currently part of MVP Reconnect program. He is also part of the prestigious ASPInsider program. Anand has published several articles and reviews related to various software and hardware products for various software and technology related websites. He is also active on social media and also participates as an Influencer for various brands. Anand can be reached at admin@netans.com