MANILA, Philippines – Facebook and Microsoft have set up a program to reward security researchers for finding and reporting vulnerabilities in the Internet.

Known as the Internet Bug Bounty Program, the initiative provides a minimum bounty of US$5,000 for reported vulnerabilities that can affect the Internet, with a definition of the Internet outlined on a separate page.

By finding important vulnerabilities and fixing them, the Internet can be more secure. The bug bounty helps to ensure that vulnerabilities are reported for fixing, rather than sold on the black market for use in malicious or criminal hacking activities.

Under the program’s guidelines, the following criteria for vulnerabilities that affect the Internet have to be satisfied and vetted by a 10-person panel to earn the bounty.

• Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users.
• Be vendor agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant market share.
• Be severe: vulnerability has extreme negative consequences for the general public.
• Be novel: vulnerability is new or unusual in an interesting way.

There are also bounties for the following components that support the Internet:

• Sandbox Escapes: Minimum bounty of $5,000
• OpenSSL: Minimum bounty of $2,500
• Python: Minimum bounty of $1,500
• Ruby: Minimum bounty of $1,500
• PHP: Minimum bounty of $1,500 
• Rails: Minimum bounty of $1,500
• Perl: Minimum bounty of $1,500
• Apache httpd: Minimum bounty of $500
• Nginx: Minimum bounty of $500
• Phabricator: Minimum bounty of $300
• Django: Minimum bounty to be announced

Interested parties can sign up for the initiative by visiting the HackerOne sign-up page. – Rappler.com

Bug Image from Shutterstock