Hi G33ks @insecuremag Dec-2013
Microsoft and Facebook start Internet-wide bug bounty program Dubbed The Internet Bug Bounty, it is sponsored by the two Internet giants and is aimed at anyone who discovers vulnerabilities in a series of open source programming languages, web apps, software, app frameworks, HTTP servers, as well as the OpenSSL implementation, Chrome, IE, Adobe Reader and Flash sandboxes, and the “Internet” in general. Once a bug is reported - and in order to become eligible for a prize it’s not necessary to submit PoC exploit code for it - the individual product response teams will be notified of it automatically and have 30 days to fix the bug and 180 days to publicly disclose its existence. If they don’t respond to the initial report in 7 days, the bug report will be made public 30 days after the program’s initial contact attempt. The minimum amount paid for a bug depends on the product which it affects. For example, for the “Internet” is $5,000, for OpenSSL is $2,500, for Perl is $1,500, while for Nginx is $500. Maximum amounts are not determined, and could be considerable - it all depends on the severity of the found bug and on the quality of the submission. Cheers, 0xN41K -- You received this message because you are subscribed to the Google Groups "NFORCEIT" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
