Twitter to pay users $140 for finding security flaws

The social network will pay up to £100 to individuals who find security issues in its platform

Twitter

Twitter has offered individuals who find possible security flaws in its platform a $140 (100) reward.

However, that amount is not set in stone, according to the company.

The social network said in a blog post: "Reward amounts may vary depending upon the severity of the vulnerability reported. Twitter will determine in its discretion whether a reward should be granted and the amount of the reward.

"This is not a contest or competition. Rewards may be provided on an ongoing basis so long as this program is active."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Anyone who reports a flaw will need to prove they are the first to find it and must not disclose it to any other parties, including the media.

Any flaws must also fit alongside Twitter's vulnerability guidelines that include cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE), in addition to allowing unauthorised access to protected tweets and direct messages.

If users discovered a vulnerability before 3 September at 10.30AM PST (17.30 GMT) they would not be eligible for the reward unless they reported it previously.

Additionally, anyone based in countries that has security sanctions against it - including individuals in North Korea, Iran, Cuba and Syria - will be exempt from the bounty.

Twitter has been subject to a lot of controversy recently regarding the removal of pictures of recently deceased people.

The social network announced last month it would only remove pictures and accounts of people who had died if relatives provided in depth information about the user and their account.

Advertisement - Article continues below

A number of tech companies offer users rewards for discovering bugs including Microsoft and Yahoo.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020