Twitter Taps HackerOne To Launch Its Bug Bounty Program
Following security breaches that have shaken confidence in many online services, Twitter today announced the launch of its bug bounty program, which will pay security researchers for responsibly reporting threats through HackerOne, a bug bounty program provider. Twitter will pay a minimum of $140 per threat reported on Twitter.com, ads.twitter, mobile Twitter, Tweetdeck, apps.twitter, and its iOS and Android apps. Twitter actually began working with HackerOne three months ago, according to its bug timeline, but it seems the Apple celebrity photo hack has catapulted cybersecurity to a new level of mainstream interest, and Twitter wanted to show it takes keeping its users safe quite seriously.
Twitter writes, “To recognize their efforts and the important role they play in keeping Twitter safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities.” Already the program has recognized 44 hackers for helping Twitter close 46 bugs.
Some large companies like Facebook run their own bug bounty programs, but HackerOne offers a plug-and-play solution for companies that want the benefits of crowdsourced bug hunting without having to fiddle with administering the program themselves. Others that employ HackerOne include Yahoo, Square, MailChimp, Slack, and Coinbase. HackerOne recently raised $9 million to expand and market its programs. HackerOne was co-founded by Alex Rice, a former Facebook security team member who saw the social network’s self-run bug bounty program save the company from tons of threats.
Some are calling on Apple to introduce a bug bounty program following the celebrity photo hacks this week. Perhaps Twitter’s move will encourage Apple to open up communication with outside security researchers.
We’ll have more details shortly.