Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner.
If you manage to find a security flaw in any of PayPal’s products, you may be entitled to a cash reward. “I’m pleased to announce that we have updated our original bug reporting process into a paid ‘bug bounty’ program,” PayPal’s Chief Information Security Officer Michael Barrett said in a blog post on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering.
Cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection (SQLi) and authentication bypass vulnerabilities will be eligible for bounties, the amount of which will be determined by the PayPal security team on a case-by-case basis. Researchers need to have a verified PayPal account in order to receive the monetary rewards.
PayPal follows in the footsteps of companies like Google, Mozilla and Facebook that have implemented security reward programs for their online services during the last couple of years. “While a tiny handful of other companies have implemented bug bounties, we believe we are the first financial services company to do so,” Barrett said.
Avram found and reported over 10 security issues in PayPal’s main and mobile websites during the past two weeks. Some of them were of high severity, he said, adding that PayPal’s staff responded every time.