malsploit Posted June 26, 2012 Report Posted June 26, 2012 (edited) PayPal s-a hotarat sa se alature companiilor care ofera recompense financiare, celor care descopera vulnerabilitati in platforma de plata online:As I’ve written previously, the security of our customers’ data is our number one priority. I have the privilege of leading a world renowned security team but we realize that no company can do it all alone. To that end, we were one of the first companies to implement a bug reporting process for outside security researchers. We work with the security community each and every day. Responsible security researchers flag potential issues to us so that we can often provide fixes before anyone else is even aware.Today I’m pleased to announce that we have updated our original bug reporting process into a paid “bug bounty” program. The experience from other companies such as Facebook, Google, Mozilla, Samsung and others who have implemented similar programs has been very positive. I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong – it’s clearly an effective way to increase researchers attention on Internet-based services and therefore find more potential issues.Our program is fairly simple, and builds on what we previously had in place.1. Researchers submit bug reports to us, via the same secure reporting process using PGP encryption that we had in place previously.2. We categorize the report into one of four categories:XSS (Cross Site Scripting),CSRF (Cross Site Request Forgery),SQL Injection orAuthentication Bypass3. We will then determine the severity and priority of the problem and our developers will fix the issue and then release the fix into our production environment.4. We then pay the researcher – via PayPal, of course – once the bug is fixed.You can find more details of the program here.While a small handful of other companies have implemented bug bounties, we believe we are the first financial services company to do so. It’s yet another example of the innovation that PayPal is bringing to shake up the industry as the world moves more and more payments online.–Michael Barrett, Chief Information Security Officer, PayPalhttps://www.thepaypalblog.com/2012/06/paypal-bug-bounty-program/ Edited June 26, 2012 by hate.me Quote
mah_one Posted June 26, 2012 Report Posted June 26, 2012 deja am trimis doua vulnerabilitati, una din ele e urata rau de tot. Quote
