Twitter has become the latest company to offer computer experts financial rewards for discovering vulnerabilities in its security systems. This is known as a bug bounty.
Twitter has confirmed that there is a minimum reward of $140 (£85) but that no limit has been set on the maximum reward.
Twitter released a statement confirming the bug bounty. The statement read, “There is no maximum reward. Reward amounts may vary depending upon the severity of the vulnerability reported. Twitter will determine in its discretion whether a reward should be granted and the amount of the reward.”
Twitter concluded, “This is not a contest or competition. Rewards may be provided on an ongoing basis so long as this program is active.”
The bug bounty actually started in June through a company called HackerOne, but there were no financial rewards available. This was reflected in the uptake, as only 44 bugs were reported, but this number is now expected to increase.
To be considered for a financial reward, the person reporting the vulnerability must be the first to have reported it and must not disclose the vulnerability until it has been resolved.
Twitter is not the first company to set up a bug bounty; the approach has been successfully utilised by other market-leading companies such as Microsoft and Google. A bug bounty helps companies reduce the number of security flaws they have and can also prove very profitable for individuals who discover security flaws.
One example of this occurred when a security expert earned $100,000 from Microsoft during their bounty program.