The Hacker News Logo
Subscribe to Newsletter

PayPal will Pay Security Researchers for finding Vulnerabilities

PayPal will Pay Security Researchers for finding Vulnerabilities
Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner.

If you manage to find a security flaw in any of PayPal’s products, you may be entitled to a cash reward. "I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program," PayPal's Chief Information Security Officer Michael Barrett said in a blog post on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering.

PayPal plans to categorize reported bugs into one of four categories:
  • XSS (Cross Site Scripting),
  • CSRF (Cross Site Request Forgery),
  • SQL Injection or
  • Authentication Bypass
 Researchers need to have a verified PayPal account in order to receive the monetary rewards.

"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong - it's clearly an effective way to increase researchers' attention on Internet-based services and therefore find more potential issues."

Marius Gabriel Avram, a security engineer at U.K.-based security firm RandomStorm, looks for vulnerabilities in Web services operated by Google, Facebook, Twitter, Microsoft, eBay, PayPal and other companies that allow security researchers to do so, as long as they report their findings privately and don't cause any damage. It's like a challenge that helps security researchers improve their skills and, in some cases, earn some extra money, Avram said.

Avram found and reported over 10 security issues in PayPal's main and mobile websites during the past two weeks. Some of them were of high severity, he said, adding that PayPal's staff responded every time.

PayPal deserves congratulations for taking this step in the right direction.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.