Skip to main content

Twitter will start paying hackers who hunt down and identify bugs

Twitter will start paying hackers who hunt down and identify bugs

Share this story

Twitter wants to find out about any bugs it might have before malicious hackers do, and it's introducing a bug bounty program today to encourage researchers to help it out. Like the many other tech companies offering similar programs, Twitter will pay researchers (or just about any other type of good-natured hacker out there) for finding various flaws and vulnerabilities in its platform and then reporting those findings to Twitter. The key is that the researchers report it to Twitter and allow Twitter to close the bug before before publicly disclosing their finding — which would otherwise give malicious parties the chance to take advantage of it. This is, for the most part, standard practice for security researchers who find bugs — reward or not — though some have been known to publicly reveal bugs after a period of time if they decide that a company isn't moving quickly enough to close a significant problem.

Researchers get a $140 minimum reward

At a minimum, Twitter will pay researchers $140 (get it?) for every bug they disclose. That's so long as the bug relates to Twitter's desktop and mobile website, iOS and Android apps, and a few other properties, including Tweetdeck on the web. So far, through what appears to have been early tests of the program over the past three months, Twitter has paid 44 people and closed 46 bugs.

Facebook, Microsoft, and Google — among many other tech companies — also have their own bug bounty programs. They're increasingly important programs to have, as it encourages experts to focus on their platform and to try to find flaws before a malicious hacker does. Notably, Apple does not have a bug bounty program of its own, even though its security has been seriously called into question on multiple occasions over the past year. Given that Twitter appears to have been testing this program before formally launching it today, it seems likely that this week's celebrity photo thefts have prompted it to get the bounty out there.