Microsoft and Facebook have found a clever way to root out security problems. The two companies are offering bounties to hackers and security researchers for every bug they find.
Microsoft and Facebook want to find security problems with some of the key technologies that power the web. The pair have teamed up to create an internet bug bounty project, dubbed HackerOne, that rewards security researchers for finding issues with PHP, OpenSSL, Apache, and even the underlying internet communication protocols. Rewards range from minimums of $300 to $5,000 depending on the specific vulnerability and the associated severity. Volunteers from Facebook, Microsoft, and even Google will form a panel to judge the entries, and there’s a list of disclosure rules to ensure bugs are reported and disclosed correctly.