By Jim Finkle
BOSTON (Reuters) – Three fierce Internet rivals are teaming up to fight hackers by offering bounties, or cash rewards, to researchers who find critical vulnerabilities in widely used Web technology.
The program is sponsored by Facebook Inc and Microsoft Corp with assistance from a Google Inc security expert, who helped develop the program and will sit on the panel that will evaluate submissions.
The bounties in this program range from $300 to $5,000 depending on the nature of the problem found. The rewards can go higher at the discretion of a review panel. Full details are at: https://hackerone.com/ibb.
“It is meant for those very, very severe bugs that would have dire consequence for the Internet if they were to get into the wrong hands,” said Facebook Product Security Lead Alex Rice.
Submissions for the Internet Bug Bounty will be evaluated by a panel of experts from Facebook, Microsoft, Google, the security consulting firm iSEC Partners and Etsy, an online handcraft marketplace.
The three rivals each offer bounty programs of their own to computer security experts who have warned them of product bugs. While the trio competes online in a variety of areas, when it comes to security they cooperate with one another.
“Even if we are fierce competitors… the security teams don’t have to be competitors,” Rice said. “Our competition is the bad guys,” Rice said.
Rice said the idea for the new bounty program came up one day when he was having drinks with Katie Moussouris, who runs Microsoft’s bounty program and Chris Evans, who works on Google’s Chrome browser security team.
Microsoft separately expanded its own bounty program, which offers up to $100,000 to experts who uncover novel ways to get past advanced security features in its Windows program.
(Reporting by Jim Finkle; Editing by Richard Valdmanis and Leslie Gevirtz)