SOCIAL NETWORK Twitter is offering the muscle flexing security research community the chance to earn some pocket money by protecting its punters.
The firm is kicking off a bug reward program with a minimum reward offer of $140. While this is low it is also a reference to the character limit on Twitter, and can scale upwards depending on the severity of the bug.
Third party report and reward outfit Hackerone is taking care of this for Twitter and the terms of the offer are revealed on its websited.
We're introducing a bug bounty program to thank researchers for responsibly-disclosed issues. Learn more: https://t.co/cXkWDsQuRe.— Twitter Security (@twittersecurity) September 3, 2014
"Maintaining top-notch security online is a community effort, and we're lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues," it said. "To recognize their efforts and the important role they play in keeping Twitter safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities."
Vulnerabilities can be tagged at Twitter.com and in the Twitter iOS and Android apps. Other apps or routes will be added over time, explained the firm.
The reporting system is live already and the reward programme is a new addition. So far reports look light, at just 44, but this could change when money starts changing hands.
Payment is not guaranteed and only worthy applicants will get a minimum $140. Anyone that spots a doozy of an issue will be warmed by the revelation that there is "no maximum reward".
"Twitter will determine in its discretion whether a reward should be granted and the amount of the reward. This is not a contest or competition," it added. "Rewards may be provided on an ongoing basis so long as this program is active."
Qualifying vulnerabilities, ones most likely to result in cash money, are those having to do with unauthorised access to accounts or direct messages, and cross site scripting and remote code execution bugs. µ
Tags: Social Media