Twitter puts $140 on the head of site-breaking bugs to encourage hackers to report flaws
Twitter has announced that it will now offer bounties of $140 to code experts who locate bugs in the social network's coding that could be exploited to compromise security.
Twitter believes the scheme will close site flaws
The social network outlined a scheme on Thursday where it will pay those who find security flaws in the site a minimum of $140 as the prize for their vigilance and discretion.
The initiative was started by a company called HackerOne on Twitter’s behalf in June. The ‘bug bounty ‘payments were however only implemented this week to provide coders an incentive not to exploit any bugs they find.
The site revealed that it had learned of 44 site flaws through the scheme so far, but expects more hackers to participate in future as a result of the payments.
We're introducing a bug bounty program to thank researchers for responsibly-disclosed issues. Learn more: https://t.co/cXkWDsQuRe.
— Twitter Security (@twittersecurity) September 3, 2014
The HackerOne website explained: “Maintaining top-notch security online is a community effort, and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues.
“To recognise their efforts and the important role they play in keeping Twitter safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities. “
In order to receive the bounty coders must be the first to notice the vulnerability - which must present a significant threat to the site.
Additionally, they must not disclose the flaw to third parties before it is resolved.
Electronic companies often use monetary rewards to incentivise hackers to report flaws. Earlier this year, Google announced that it will pay a bounty of up to $2.7m to hackers who find a “particularly surprising exploit” of any of its services.