Facebook and Microsoft are winning plaudits from security researchers for launching an initiative to offer bounties to bug hunters who discover and report vulnerabilities in widely used products
From Networkworld:
From Networkworld:
Unlike other bug bounty programs, the program announced this week by the duo is not vendor specific. Rather it will reward bug hunters for vulnerabilities they discover in a range of technologies that includes Python, Perl, PHP, Ruby on Rails and Django, Apache and Nginx Web. Also covered are technologies such as the application sandbox mechanisms in Internet Explorer 10, Google Chrome and Adobe Reader.Security researchers laud Microsoft, Facebook bug bounty programs
A website set up under the program allows bug hunters to report vulnerabilities and connect them with response teams capable of addressing the bugs. The site spells out the vulnerability disclosure guidelines, specific disclosure timelines and processes that security researchers must follow to qualify for a reward.