728_header.jpg (23748 bytes)
 EB Blog 
 AB Blog 
EcommerceBytes-NewsFlash, Number 2832 - June 22, 2012 - ISSN 1539-5065    5 of 5

PayPal Pays Security Researchers to Find Bugs

By Ina Steiner
June 22, 2012

Email This Story to a Friend

PayPal has turned its bug reporting process into a paid "bug bounty" program to help it keep its site and products secure. In a post on the PayPal blog, Chief Information Security Officer Michael Barrett said he had had reservations about the idea of paying researchers for bug reports, but said, the data has proven otherwise - "it's clearly an effective way to increase researchers attention on Internet-based services and therefore find more potential issues."

In the post, Barrett said that PayPal has a world renowned security team, "but we realize that no company can do it all alone." The experience from other companies that initiated buy bounty programs, including Facebook, Google, Mozilla and Samsung, has been very positive.

PayPal, which has also been a frequent target of phishing emails for the past decade, works with the security community each and every day, Barrett said. "Responsible security researchers flag potential issues to us so that we can often provide fixes before anyone else is even aware."

The program works in four steps - researchers submit bug reports to PayPal; it categorize the reports into one of four categories; PayPal then determines the severity and priority of the problem and has its developers fix the issue; PayPal then pays the researcher (via PayPal) once the bug is fixed.

Barrett said he believed PayPal was the first financial services company to implement a bug bounty program. More information about the program can be found on the PayPal website.

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email This Story to a Friend
Email this story to a friend.

5 of 5

Sponsored Ad