Programs that pay security researchers for finding flaws in software have become all the rage, and a new bug bounty program launched this week rewards finding vulnerabilities in key open-source software platforms as well as the underlying Internet infrastructure.
Microsoft and Facebook, under the auspices of HackerOne, are co-sponsoring The Internet Bug Bounty, a program that pays anywhere from $300 to $2,500 for a new vulnerability found in key open-source platforms such as OpenSSL, Python, Ruby, PHP, Django, Rails, Perl, Phabricator, Nginx, and Apache httpd. The program also pays a minimum of $5,000 to researchers who find working flaws in sandbox technologies, and a minimum of $5,000 for bugs found in the Internet’s underlying infrastructure, such as DNS, SSL, or PKI.