In may of this year, “Vkontakte” has launched a rewards program for found in the official app for iOS, Android and Windows Phone vulnerability. Since that time, the social network has paid users over $40,000, according to a message on the official page of the social network.
The minimum award is $100, the maximum reward has no restrictions and depends on the severity of the vulnerability.
“For the first six months after the launch of the open programme of rewards for finding vulnerabilities within the “Vkontakte” on the platform HackerOne, the social networks team has received more than 2,000 reports from experts in the field of information security. At the same time, only 15% of them were submitted to the developers Vkontakte”, – said the developers.
To receive information about vulnerabilities the company is using the HackerOne platform. According to COO of the social network of Andrew Mace, thanks to her finding vulnerabilities and payments becomes quick and simple.
Program Vkontakte was the most popular among reporters from around the world, the statement said. Most of the applications came from residents of India, but the most productive were specialists from Russia and they were able to detect several dangerous vulnerabilities have been successfully eliminated.
Under the terms of the program, “Vkontakte” does not pay a reward for the lack of protection of individual elements without a description of specific examples of the negative effects. Also not considered “getting physical access to the servers/infrastructure, and threat/injury to employees”.
