For Twitter, the best defense against bugs is a strong offense of independent hackers.
Introduced is the key word there. Twitter has actually been live on HackerOne for three months now. According to its HackerOne page, 44 hackers have already uncovered 46 bugs. So why tell people now?
Well, TechCunch says, this week’s nude, celebrity photo leak has “catapulted cybersecurity to a new level of mainstream interest.”
Sure, you and I can take advantage of a site’s security features, like Twitter’s Login Verification. But remember, that’s only good when it’s bug free.
And, we’d rather leave it up to the experts to find those vulnerabilities. Turns out, so would Twitter.
“Maintaining top-notch security online is a community effort," Twitter posted on HackerOne "and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues.”
Well, volunteer-ish. For each bug a hacker finds, Twitter will pay out a minimum of $140 – get it? That is, unless you live in Cuba, Sudan, North Korea, Iran or Syria, when Business Insider notes, “national law prohibits Twitter from paying hackers.” (Video via Twitter)
The Verge says of these bug bounty initiatives, “They're increasingly important programs to have, as it encourages experts to focus on their platform and to try to find flaws before a malicious hacker does.”
Microsoft, Google and Facebook all have programs like this in place. In fact, Facebook’s program, which launched in 2011, has reportedly paid out more than $2 million to bug finders so far. (Video via Microsoft)
The company wrote in a post earlier this year, more than 14,500 bugs were submitted to the site in 2013 alone. And each of those is worth at least $500 to the hacker that finds them.
Did you notice a name missing from that list though?
Yes, Apple does not have a bug bounty program. That’s maybe not too surprising for a company known for secrets. But it’s name has been attached to a number of high profile hacks, including the celeb photo hack earlier this week, which the company has since said didn’t breach its systems. (Video via CBS)