US rivals team up in offering bounties to secure Internet

US rivals team up in offering bounties to secure Internet

BOSTON - Three fierce Internet rivals are teaming up to fight hackers by offering bounties, or cash rewards, to researchers who find critical vulnerabilities in widely used Web technology.

The programme is sponsored by Facebook Inc and Microsoft Corp with assistance from a Google Inc security expert, who helped develop the programme and will sit on the panel that will evaluate submissions.

The bounties in this programme range from $300 to $5,000 depending on the nature of the problem found. The rewards can go higher at the discretion of a review panel. Full details are at: https: hackerone.com/ibb.

"It is meant for those very, very severe bugs that would have dire consequence for the Internet if they were to get into the wrong hands," said Facebook Product Security Lead Alex Rice.

Submissions for the Internet Bug Bounty will be evaluated by a panel of experts from Facebook, Microsoft, Google, the security consulting firm iSEC Partners and Etsy, an online handcraft marketplace.

The three rivals each offer bounty programs of their own to computer security experts who have warned them of product bugs. While the trio competes online in a variety of areas, when it comes to security they cooperate with one another.

"Even if we are fierce competitors... the security teams don't have to be competitors," Rice said. "Our competition is the bad guys," Rice said.

Rice said the idea for the new bounty programme came up one day when he was having drinks with Katie Moussouris, who runs Microsoft's bounty programme and Chris Evans, who works on Google's Chrome browser security team.

Microsoft separately expanded its own bounty programme, which offers up to US100,000 (S$125,000) to experts who uncover novel ways to get past advanced security features in its Windows programme.

This website is best viewed using the latest versions of web browsers.