Amidst a brewing storm of leaked nude photographs, Twitter is yelling into the dark, to the outer fringes of tech society, inviting all hackers to hack it. Well, the call is not restricted to hackers; it is open to just about anybody. It’s casting its net wide.
The bug bounty programme, introduced today by Twitter, encourages security researchers to report bugs they find on Twitter and get a reward for it. This comes on the heels of the news of a hacker who leaked more than 100 nude photographs of some of Hollywood’s most famous female stars due to a vulnerability in Apple’s security systems. It is also worth noting that Apple does not have a bug bounty programme of its own. Some experts have said the Apple leak happened because Apple allows too many wrong attempts at a password.
Essentially, unlike Apple, Twitter is trying to avoid being caught with its pants down.
Twitter will pay a minimum of US$140 for each bug found, but only if you are the first reporter of the bug. The bug also has to be confined to Twitter’s desktop and mobile website, iOS and Android apps, including Tweetdeck on the web. Anything that falls outside that scope is not rewarded, so there’s no point snooping around anywhere else, really.
Reporting bugs has, however, always been at the core of the hacking game. The unwritten formula is to hack into an establishment, proving that company’s incompetence, and get them to sort it out, quietly. More often than not, this fails and forces good hackers to go underground and go bad. We know this all too well, with Frederick “Warlock” Kaludis, from Die Hard 4.0.
Though the programme was only officially introduced today, data obtained from early tests reveals that Twitter has paid 44 people and closed 46 bugs, in a period that spans three months.
The programme also comes with strict rules, and one is that you may not publicly disclose the vulnerability before Twitter resolves it. Though this is to counter good hackers that go underground and go bad, it will be interesting to see what happens when Twitter fails to act quickly. Will good hackers be patient or will they revolt against Twitter?