BOSTON Nov 6 Three fierce Internet rivals are
teaming up to fight hackers by offering bounties, or cash
rewards, to researchers who find critical vulnerabilities in
widely used Web technology.
The program is sponsored by Facebook Inc and
Microsoft Corp with assistance from a Google Inc
security expert, who helped develop the program and
will sit on the panel that will evaluate submissions.
The bounties in this program range from $300 to $5,000
depending on the nature of the problem found. The rewards can go
higher at the discretion of a review panel. Full details are at:
"It is meant for those very, very severe bugs that would
have dire consequence for the Internet if they were to get into
the wrong hands," said Facebook Product Security Lead Alex Rice.
Submissions for the Internet Bug Bounty will be evaluated by
a panel of experts from Facebook, Microsoft, Google, the
security consulting firm iSEC Partners and Etsy, an online
The three rivals each offer bounty programs of their own to
computer security experts who have warned them of product bugs.
While the trio competes online in a variety of areas, when it
comes to security they cooperate with one another.
"Even if we are fierce competitors... the security teams
don't have to be competitors," Rice said. "Our competition is
the bad guys," Rice said.
Rice said the idea for the new bounty program came up one
day when he was having drinks with Katie Moussouris, who runs
Microsoft's bounty program and Chris Evans, who works on
Google's Chrome browser security team.
Microsoft separately expanded its own bounty program, which
offers up to $100,000 to experts who uncover novel ways to get
past advanced security features in its Windows program.