
PayPal Starts Bug Bounty Program

samzenpus posted more than 2 years ago | from the bug-hunt dept.


Trailrunner7 writes "PayPal is the latest company to join the ranks of software vendors and Web properties that offer bounties to security researchers who privately disclose new bugs to them. The company isn't saying how much it will pay for each bug, just that its security team will determine the severity of each flaw as well as the ultimate payout. PayPal's decision to offer financial incentives to researchers follows the establishment of similar programs by companies including Google, Mozilla, Facebook, Barracuda and others. Google's bug bounty program may be the most well-known and comprehensive, as it includes bugs not just in its software products such as Chrome, but also its Web properties. The company has paid out more than $400,000 in rewards to researchers since the program began and researchers who consistently find bugs in Google's products can make a nice side income off the program."


39 comments


Bugs? (2)

DogDude (805747) | more than 2 years ago | (#40409843)

PayPal has been around for more than a decade. They handle a lot of other people's money. And they still have bugs?!?

People who know this and continue to use PayPal... well... wow.

Re:Bugs? (4, Insightful)

The MAZZTer (911996) | more than 2 years ago | (#40409851)

All software has bugs, it's inevitable. The variables are simply how frequent and how severe these bugs are, based on who programmed the code and how well the QA did their job.

Re:Bugs? (1)

DogDude (805747) | more than 2 years ago | (#40409911)

Software that has been around and has been tested thoroughly isn't going to have a lot of bugs. PayPal shouldn't have any glaring bugs at this point.

Re:Bugs? (0)

MashupGuy (2668169) | more than 2 years ago | (#40410055)

That is incorrect. Software will always have bugs. The best way is to make clean, properly tested code and then introduce sandboxing. MS already does this with IE9 sandboxing and JIT hardening. Catches 99.9% of bugs.

Re:Bugs? (3, Funny)

Normal Dan (1053064) | more than 2 years ago | (#40412637)

Every program contains at least one bug and one useless line of code. Theoretically every program can be reduced down to a single useless line that still contains a bug.

Re:Bugs? (3, Insightful)

olivier69 (1176459) | more than 2 years ago | (#40410113)

1) "software" isn't static, so newer bugs can be introduced 2) even properly written and managed software depends on libraries, compilers, systems, all of which can have bugs

Re:Bugs? (1)

hackula (2596247) | more than 2 years ago | (#40410417)

Paypal does not have any glaring bugs. They are trying to find the tricky, hard to reproduce bugs. All non-trivial software has an infinite supply of these.

Re:Bugs? (2)

nospam007 (722110) | more than 2 years ago | (#40410479)

"Software that has been around and has been tested thoroughly isn't going to have a lot of bugs. PayPal shouldn't have any glaring bugs at this point."

That's why they have waited until _now_ to pay for bugs.
It's financially responsible.

Re:Bugs? (4, Informative)

Xiaran (836924) | more than 2 years ago | (#40410549)

I think Donald Knuth said it best regarding the versioning of TeX. TeX uses pi as the version number... every time a new version is released a number is to be added to the pi version... currently it is 3.1415926. The person to find the last bug will put the last number of pi.

Re:Bugs? (1)

Frosty Piss (770223) | more than 2 years ago | (#40413819)

I am very prowd to say, my code contains NO bugs. At all. Ever. I know, you wish you where the AWSOME me...

Re:Bugs? (1)

prouder (2668849) | more than 2 years ago | (#40420793)

That's true - Most of the common software has bugs. Therefore it's important to find them.
_______________________________________
http://www.traceroute66.com/ [traceroute66.com]

Re:Bugs? (1)

houstonbofh (602064) | more than 2 years ago | (#40410933)

Yeah they do. The biggest one is in the Terms Of Service giving them total and complete access to your bank account!

Re:Bugs? (0)

Anonymous Coward | more than 2 years ago | (#40411115)

I suspect that some of the bugs that Paypal pays for are going to be developed into cyberweapons by Palantir Technologies. Don't be fooled that Paypal is helping the internet at large.

hahahahahahahahahaha *cough* *cough* *hack* (3, Insightful)

MickyTheIdiot (1032226) | more than 2 years ago | (#40409847)

Oh my gods.. I can't breathe!

What the hell is this? Since when has Paypal been concerned about quality of service to ANYONE?

Every problem I have ever reported has resulted in a metaphorical slap in the face, tons of paperwork, or both. Everyone is guilty until proven innocent but the scammers who can easily sidestep anything they do and only the honest get punished. Why would this be different with bugs?

Re:hahahahahahahahahaha *cough* *cough* *hack* (2)

EasyTarget (43516) | more than 2 years ago | (#40409909)

Since when has Paypal been concerned about quality of service to ANYONE?

Only for us little people...

They gave Joe Lieberman fantastic service [guardian.co.uk].

This is Awesome (1)

Omni-Cognate (620505) | more than 2 years ago | (#40409977)

I'm going to get paid for finding bugs in Paypal??? I'm going to be RICH!!! RICH BEYOND MY WILDEST DREAMS!!!!!!!!!

Re:This is Awesome (1)

postbigbang (761081) | more than 2 years ago | (#40410151)

You'll be far richer if you *don't* tell Paypal about those undocumented, database leaks with direct links to your private banker in Grand Cayman. So STFU.

Re:hahahahahahahahahaha *cough* *cough* *hack* (0)

Anonymous Coward | more than 2 years ago | (#40410585)

MickyTheIdiot (1032226)
Oh my gods.. I can't breathe!
What the hell is this?
--

Ahem, it's you demonstrating that you deserve your name.

Re:hahahahahahahahahaha *cough* *cough* *hack* (1)

MickyTheIdiot (1032226) | more than 2 years ago | (#40411573)

not my fault you don't get the reference...

We reserve the right.... (1)

datavirtue (1104259) | more than 2 years ago | (#40409883)

We reserve the right to determine how much we will pay you for benefiting PayPal under any and all circumstances....

Re:We reserve the right.... (0)

Anonymous Coward | more than 2 years ago | (#40410035)

Right, so they'll pay you through PayPal and keep 5% of what they pay out.

Ahem (0)

Anonymous Coward | more than 2 years ago | (#40409885)

I believe freezing people's funds because according to your heuristics their spending behaviour indicates that they're an outlier is a bug... oh wait, I think that's intentional... mark WONTFIX.

Foamy Urination (-1)

Anonymous Coward | more than 2 years ago | (#40409903)

Pay pal sux

Captcha = novice

fuck the bugs (-1)

Anonymous Coward | more than 2 years ago | (#40409981)

how about lowering your fees, gouging assholes

Please read (-1)

Anonymous Coward | more than 2 years ago | (#40410001)

I know this is off-topic, but I just want to ask, is it normal to receive 15 mod points instead of 5? Is there some new level I have gained or something?

Re:Please read (1)

Anonymous Coward | more than 2 years ago | (#40410069)

No.. Rob Malda has just picked you for an anal sex romp. Enjoy it.

Re:Please read (1)

houstonbofh (602064) | more than 2 years ago | (#40410983)

It is normal... I get 5 and 15 about equally.

eBay first sale coupon (0)

Anonymous Coward | more than 2 years ago | (#40410061)

I just wonder if every one who made a sale and got a 25 pound coupon earlier this month will get a payout. I mean, come on... half a coupon gets munched by a system, people tell them about it, and they say... we've escalated this to this dep't and we might get back to you sometime if we find out what went wrong. Yeah, your coupon is lost and sorry for charging you real money. I'd class that as finding a bug worthy of a payout under this programme.

I FOUND A BUG!! (4, Informative)

realsilly (186931) | more than 2 years ago | (#40410099)

It's their Management. If they would fix that....

How much is that worth?

Re:I FOUND A BUG!! (1)

magic maverick (2615475) | more than 2 years ago | (#40410433)

No, it's the entire almost monopoly that is the biggest bug. Eliminate that, and then the management would go. Either by the company collapsing, or the bad management being gotten rid of.

Personally I have great hopes for BitCoin, but think that the current gateways between the payment system and the external money are too insecure to trust putting any actual money into it.

Re:I FOUND A BUG!! (0)

Anonymous Coward | more than 2 years ago | (#40410929)

They will likely issue a reward to the hacker that exploits it.

Honestly, based on the amount of money that pay pal has stolen from me (and generally wasted my time), I would be more inclined to publish an exploit (if I did that sort of thing) than tell pay pal about it.

Fuck off pay pal.

Re:I FOUND A BUG!! (1)

mark-t (151149) | more than 2 years ago | (#40411657)

Nothing. You're supposed to disclose it *privately* to them.

Re:I FOUND A BUG!! (1)

realsilly (186931) | more than 2 years ago | (#40412197)

OK, let me go do that. ;)

Tricksy tricksy (2)

Torp (199297) | more than 2 years ago | (#40410303)

The bounty will be paid in your paypal account (if you do not have one, you will have to create one), and then paypal will freeze your account without any explanation or appeal process :)

I found one! (2)

slashmydots (2189826) | more than 2 years ago | (#40411547)

Does this count as a bug? They send out customer surveys that actually are from them but look extremely fake and point to a domain other than their own, which violates every single internet standard and their own safety and security guidelines.
Oh and every time I go to their site, it attempts to launch the default media player plugin for whatever browser I'm using which gets blocked as a security threat by default in default configurations of IE8 and 9 and I think Firefox as well.

Re:I found one! (2)

mark-t (151149) | more than 2 years ago | (#40411673)

Arguably, yes.... but to make any claim on a bounty, you are obligated to discuss the matter with them privately.

As you've already openly disclosed it here, however... it is too late for that.

I thank you f0r your time (-1)

Anonymous Coward | more than 2 years ago | (#40411777)

Don't Worry (1)

Anonymous Coward | more than 2 years ago | (#40411923)

I've already got a team of Nigerians on it.

Not in the software (2)

Conspiracy_Of_Doves (236787) | more than 2 years ago | (#40413659)

The problem is that most of the bugs are in the human end of the system, not in the software.
