PayPal's Bug Bounty Program Turns 1, Gets an Update

By: eBay Inc. Staff

20130725_bug_post

PayPal’s Bug Bounty Program just turned one year old, and what did it get? An update! Changes affected such issues as participation eligibility, payout schedules and frequently asked questions.

“The bug bounty program brings a lot of value to an organization such as PayPal, because it brings external talent into the internal mix of talent that’s looking for security vulnerabilities,” said Gus Anagnos, director, Information Security.

Hundreds of security researchers across 48 countries have participated so far in the Bug Bounty program, which offers monetary rewards for identifying vulnerabilities in PayPal’s sites. By flagging these issues, researchers can help PayPal fix problems even before users are aware of them.

With the update, security researchers as young as 14 are now eligible to earn a bounty. The new minimum age is in line with industry best practices, Anagnos said.

There’s also a Wall of Fame to recognize the top 10 researchers who have either submitted the most interesting vulnerabilities, provided a high percentage of valid submissions or identified a critical bug. And all the researchers that have provided valid bug submissions are noted on the honorable mentions page.

“The research community is a bunch of very, very smart individuals, and money is only part of the recognition,” Anagnos said. “The Wall of Fame provides a level of recognition that their peers can see, and it also creates a bit of a competition.”

Read more about the Bug Bounty update on the PayPal Forward blog, and see the full Terms and Conditions of the program.