Inspired by the success of Facebook, Google, Mozilla, Samsung and others who have implemented "bug bounty" programs, PayPal today updated its original bug reporting process into a paid "bug bounty" program.
"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong - it's clearly an effective way to increase researchers' attention on Internet-based services and therefore find more potential issues," posted Michael Barrett, CISO, PayPal.
"If you are a security researcher, and you've discovered a site or product vulnerability, please forward your details to us at email@example.com. If we conclude that a disclosure respects and meets all the guidelines outlined below - we will not bring a private action or refer a matter for public inquiry," PayPal said.
The PayPal security team will determine the bounty amount, and all decisions are final.
The bounty is awarded to the first person who discovers a previously unknown bug.
The bug bounty is valid for the following site: www.paypal.com.
Here is how PayPal's bounty program works:
- Researchers submit bug reports to us, via the same secure reporting process using PGP encryption that we had in place previously.
- We categorize the report into one of four categories:
  - XSS (Cross Site Scripting),
  - CSRF (Cross Site Request Forgery),
  - SQL Injection or
  - Authentication Bypass
For more information and rules, visit this page.
Also, a refreshed PayPal.com launched in the U.S., and will reach the rest of its "110 million users" worldwide later.
The new PayPal dramatically cut down the number of pages offered and focused on those that provide the solutions.
The login process is now much easier and more intuitive, and the team has also reworked the overall navigation so users can quickly get to what they want.
PayPal also simplifies menus and labels solutions, now showcasing its most popular offerings, and now has an "explore" link that highlights the newest innovations.
Here is a look at the new PayPal: