The business social networking site LinkedIn has, since late last year, run a reward program for a select group of researchers who report vulnerabilities. Unlike many other sites that launched a reward program open to all bug reports, LinkedIn decided to keep the program closed. According to information director Cory Scott, the program stems from the bug reports that come in via security@linkedin.com.
Most reports were not usable, according to Scott, but a small group of researchers sent detailed bug reports. LinkedIn then decided to launch a special rewards program for this group of researchers. This has already yielded more than 65 specific bugs, for which more than $65,000 was paid. The program is structured so that LinkedIn's security team works directly with the researchers from beginning to end. LinkedIn makes the payments through HackerOne, a platform where many companies start public reward programs.
Scott notes that LinkedIn has looked at an open reward program, but given its experience with external bug reports and the current state of the bug-reporting ecosystem, the benefits do not outweigh the costs. Yet Scott calls on outside researchers to continue reporting bugs via security@linkedin.com. He further states that LinkedIn decided to share its experiences to give "more nuance" to the discussion on the subject, which might be useful for others.