Skip to main content

Microsoft and Facebook team up to offer Internet Bug Bounty

Microsoft and Facebook have teamed up to launch a new scheme aimed at identifying security vulnerabilities in some of the Internet's key technologies.

The pair have teamed up - with support from Google's security team - to form HackerOne, which will be funding the Internet Bug Bounty aimed at 'friendly hackers'.

"We've selected some of the most important software that supports the Internet stack, and we want you to hack it," the HackerOne website explains.

"If the public is demonstrably safer as a result of your contribution to Internet security, we'd like to be the first to recognise your work and say "thanks" by sending some cash to you or your favorite non-profit."

The programme is offering a minimum of $5000 (£3100) for reports on security issues with Sandbox and the entire Internet - "Simply put: hack all the things, send us the good stuff, and we'll do our best to reward you," the team says.

Lower minimum rewards are advertised for hacking OpenSSL (the de facto standard for enabling cryptographically secure communication) and a number of popular open source programming languages including PHP, Ruby, Python and Perl.

Submissions will be judged by a panel of security experts from Facebook, Microsoft, Google and Etsy. "It is meant for those very, very severe bugs that would have dire consequence for the Internet if they were to get into the wrong hands," Facebook Product Security Lead Alex Rice told Reuters.

Rice said the idea for the new scheme arose whilst he was having a drink with Katie Moussouris, who runs Microsoft's bounty programme and Chris Evans, who works on Google's Chrome security team.

"Even if we are fierce competitors... the security teams don't have to be competitors," he said. "Our competition is the bad guys."

This latest bug bounty programme comes as Microsoft recently expanded its own scheme to offer rewards of up to $100,000 (£62,000) for reporting active attacks and new techniques of hacking Windows software.