Security researchers rake in over $300,000 from Twitter for discovering bugs

30 May 2016

Security researchers who seek out bugs plaguing online platforms have been winning handsome rewards from Twitter for spotting vulnerabilities in its systems.

According to a report released by Twitter on Friday 27 May, the social media platform's payouts to bug bounty hunters had crossed $300,000 over the past two years. The hunters had uncovered "threats and attacks against users and systems."

According to the micro-blogging network's report, since 2014, it had received nearly 5,171 bug submissions courtesy of 1,662 researchers.

Bug bounty hunters had received $332,420 in total as reward for their efforts.

The average amount the social media company paid out was $835, and the highest sum Twitter paid was $12,040.

The maximum amount that an individual researcher had gained in 2015 for spotting various vulnerabilities was a little more than $54,000.

Interestingly there is no maximum limit to the amount researchers can make.

The Bug Bounty Program allows Twitter to react better to issues and fix them swiftly before they are exploited, and it has also allowed the social media company to leverage a massive network of security researchers who alert Twitter promptly.

People who are part of the bug bounty hunter programme work independently of the normal security team of each site that employs them.

The people most useful to these bounty programmes go by the term "white hat hackers," which is a slang term for people who are, essentially, ethical hackers.

Companies do not seek out ethical hackers; rather, they start "seasons," as Uber recently did, or post general guidelines for submissions, and bug bounty hunter hopefuls come to them.

According to Gianluca Stringhini, a computer scientist and assistant professor at University College London, who spoke to the BBC, by running bug bounty programmes companies make sure the best hackers look at their code. The more eyes that look at a program, the more bugs they find.

Stringhini added that it was also a way for these companies to identify talent.