Twitter will be the most recent major corporation to set up a bug bounty program, and has no set restrictions on the bounty that a researcher can earn for revealing a vulnerability.
The organization declared on Wednesday that it’ll run its bounty program via the HackerOne platform, a bug bounty system that allows vendors to gain access to a pool of countless researchers who perform authorized research towards a company’s products and solutions.
HackerOne is used by a number of notable corporations, such as Square, Yahoo and CloudFlare and also is the system that supports the Internet Bug Bounty.
The program pays researchers for discovering vulnerabilities in its primary Website and also the Twitter apps for iOS and Android. The kinds of vulnerabilities they want researchers to focus on include XSS, CSRF, remote code execution, unauthorized access to private tweets or direct messages.
“Maintaining top-notch security online is a community effort, and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues. To recognize their efforts and the important role they play in keeping Twitter safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities,” the rules state.
Twitter’s reward program begins with a minimum bounty of $140 and doesn’t have a maximum payout. The organization presently has resolved several dozen bugs revealed over the HackerOne platform.