Twitter paid security researchers $322,420 to find security vulnerabilities
As services like Twitter have become critical infrastructure for people to communicate and share ideas, maintaining security and uptime is essential. But these companies can’t do it themselves, and some have turned to bug bounty programs to solicit help from the public. Twitter says it has found its program to be “an invaluable resource for finding and fixing security vulnerabilities.”
The company announced today that in the past two years, it has not only received 5,171 bug submissions from 1,662 researchers but also paid a total of $322,420 in rewards. The average payout was $835 and the highest was $12,040. In honor of its history, Twitter pays in multiples of 140. It was noted that last year, a single researcher received more than $54,000 in rewards for reporting vulnerabilities.
Starting in 2014, Twitter enlisted the help of HackerOne to manage its bug bounty program. The minimum payout is $140 and the company is looking for any possible vulnerabilities relating to remote code execution, authentication issues, cross-site scripting, cross-site request forgery, and more. The program covers not just Twitter’s core service, but also Vine, Periscope, Fabric, MoPub, ZeroPush, and its mobile apps.
Twitter’s bug bounty program isn’t unique as other companies like Facebook and Google also offer ways for researchers to inform them of vulnerabilities. However, Twitter’s payout isn’t exactly the most that one can receive. In January, Google revealed that it had paid security researchers over $6 million over the past six years — in 2015, more than 300 different researchers received over $2 million after finding 750 bugs.
Facebook shared that it has paid out more than $3 million since it started its bug bounty program in 2011, with $1.3 million given out in 2014 to just 321 researchers worldwide. The average amount received was $1,788.
While there’s a difference in payouts among these three companies, the likely reason is that Facebook and Google are more diverse in their services and have hundreds of millions more users than Twitter, so there’s a greater chance of a vulnerability being exposed.