“VKontakte” has launched a rewards program for vulnerabilities found in its official apps for iOS, Android and Windows Phone. This was stated in a message from the social network's operating officer, Andrew Mace.
The minimum award is $100; the maximum reward is not capped and depends on the importance of the vulnerability.
“We are pleased to announce the launch of the open programme of rewards for finding vulnerabilities inside VKontakte. Thanks to the HackerOne platform, which is gaining popularity among the community of hackers and experts on computer security from around the world, the whole process, from finding the vulnerability, becomes fast and simple,” wrote Andrey Rogozov on the website.
The company uses the HackerOne platform to receive information about vulnerabilities. According to Mace, thanks to it, finding vulnerabilities and issuing rewards is fast and easy.
The company had previously received information about problems through its built-in support service. “Via HackerOne it is convenient to interact and to quickly transfer rewards for errors found”, said the social network's representative Giorgi Lubushkin.
According to the program, “VKontakte” will not pay a reward for reports of a lack of protection in individual elements that do not describe specific examples of negative consequences. Also not considered are “getting physical access to the servers/infrastructure, and threat/injury to employees”.
The company will pay the reward only to the first researcher who sends a report of a problem, notes Siliconrus. A description of how a bug could potentially be used will increase the probability of obtaining a reward. The company noted that if the vulnerability has been used against users, the reward will not be paid.
In May this year, Russian developer Camille Khismatullin found an error in the code that allowed attackers to obtain any personal photos of “VKontakte” users, including those hidden in correspondence. In gratitude, the service's administration transferred him $700.