Forgot your password?
typodupeerror
Bug Google Security The Almighty Buck News

PayPal Starts Bug Bounty Program 39

Posted by samzenpus
from the bug-hunt dept.
Trailrunner7 writes "PayPal is the latest company to join the ranks of software vendors and Web properties that offer bounties to security researchers who privately disclose new bugs to them. The company isn't saying how much it will pay for each bug, just that its security team will determine the severity of each flaw as well as the ultimate payout. PayPal's decision to offer financial incentives to researchers follows the establishment of similar programs by companies including Google, Mozilla, Facebook, Barracuda and others. Google's bug bounty program may be the most well-known and comprehensive, as it includes bugs not just in its software products such as Chrome, but also its Web properties. The company has paid out more than $400,000 in rewards to researchers since the program began and researchers who consistently find bugs in Google's products can make a nice side income off the program."
This discussion has been archived. No new comments can be posted.

PayPal Starts Bug Bounty Program

Comments Filter:
  • by DogDude (805747)
    PayPal has been around for more than a decade. They handle a lot of other peoples' money. And they still have bugs?!?

    People who know this and continue to use PayPal... well... wow.
    • Re:Bugs? (Score:5, Insightful)

      by The MAZZTer (911996) <megazzt.gmail@com> on Friday June 22, 2012 @08:08AM (#40409851) Homepage
      All software has bugs, it's inevitable. The variables are simply how frequent and how severe these bugs are, based on who programmed the code and how well the QA did their job.
      • by DogDude (805747)
        Software that has been around and has been tested thoroughly isn't going to have a lot of bugs. PayPal shouldn't have any glaring bugs at this point.
        • Re: (Score:3, Insightful)

          by olivier69 (1176459)
          1) "software" isn't static, so newer bugs can be introduced 2) even properly written and managed software depends on libraries, compilers, systems, all of which can have bugs
        • by hackula (2596247)
          Paypal does not have any glaring bugs. They are trying to find the tricky, hard to reproduce bugs. All non-trivial software has an infinite supply of these.
        • by nospam007 (722110) *

          "Software that has been around and has been tested thoroughly isn't going to have a lot of bugs. PayPal shouldn't have any glaring bugs at this point."

          That's why they have waited until _now_ to pay for bugs.
          It's financially responsible.

        • Re:Bugs? (Score:5, Informative)

          by Xiaran (836924) on Friday June 22, 2012 @09:34AM (#40410549)
          I think Donald Knuth said is best regarding the versioning of TeX. TeX uses pi as the version number... everytime a new version is relased a number is to be added to the pi version... currently it is 3.1415926. The person to find the last bug will put the last number of pi.
      • I am very prowd to say, my code contains NO bugs. At all. Ever. I know, you wish you where the AWSOME me...

      • by prouder (2668849)
        That's true - Most of the common software have bugs. Therefore it's important to find them. _______________________________________ http://www.traceroute66.com/ [traceroute66.com]
    • Yeah they do. The biggest one is in the Terms Of Service giving them total and complete access to your bank account!
  • by MickyTheIdiot (1032226) on Friday June 22, 2012 @08:06AM (#40409847) Homepage Journal

    Oh my gods.. I can't breathe!

    What the hell is this? Since when has Paypal been concerned about quality of service to ANYONE?

    Every problem I have ever reported has resulted in a metaphorical slap in the face, tons of paperwork, or both. Everyone is guilty until proven innocent but the scammers who can easily sidestep anything they do and only the honest get punished. Why would this be different with bugs?

  • We reserve the right to determine how much we will pay you for benefiting PayPal under any and all circumstances....

  • I FOUND A BUG!! (Score:5, Informative)

    by realsilly (186931) on Friday June 22, 2012 @08:48AM (#40410099)

    It's their Management. If they would fix that....

    How much is that worth?

    • No, it's the entire almost monopoly that is the biggest bug. Eliminate that, and then you the management would go. Either by the company collapsing, or the bad management being gotten rid of.

      Personally I have great hopes for BitCoin, but think that the current gateways between the payment system and the external money are too insecure to trust putting any actual money into it.

    • by mark-t (151149)
      Nothing. You're supposed to disclose it *privately* to them.
  • The bounty will be paid in your paypal account (if you do not have one, you will have to create one), and then paypal will freeze your account without any explanation or appeal process :)

  • by slashmydots (2189826) on Friday June 22, 2012 @10:52AM (#40411547)
    Does this count as a bug? They send out customer surveys that actually are from them but look extremely fake and point to a domain other than their own, which violates every single internet standard and their own safety and security guidelines.
    Oh and every time I go to their site, it attempts to launch the default media player plugin for whatever browser I'm using which gets blocked as a security threat by default in default configurations of IE8 and 9 and I think Firefox as well.
    • by mark-t (151149)

      Arguably, yes.... but to make any claim on a bounty, you are obligated to discuss the matter with them privately.

      As you've already openly disclosed it here, however... it is too late for that.

  • by Anonymous Coward

    I've already got a team of Nigerians on it.

  • The problem is that most of the bugs are in the human end of the system, not in the software.

"Your mother was a hamster, and your father smelt of elderberrys!" -- Monty Python and the Holy Grail

Working...