- Jan 24, 2011
- 9,378
Bug bounty programs, for the most part, have been the domain of large software vendors and Web companies such as Google, Mozilla, Microsoft, PayPal and Facebook. But some smaller companies are now getting involved, with the latest one to announce a bounty being Wickr, the maker of secure messaging apps for Android and iOS, and the potential payoff is huge: up to $100,000.
Wickr’s bug bounty program is quite similar to the one announced last year by Microsoft. That program offers hackers up to $100,000 for new offensive techniques that can defeat the memory protections in the latest version of Windows. TheMicrosoft bug bounty program also offers $50,000 to researchers who develop a defensive technique that can stop an existing mitigation bypass.
Wickr is doing something similar, enticing hackers with a payment of up to $100,000 for submitting a new vulnerability “that substantially affects the confidentiality or integrity of user data.” The company also is offering additional cash for a defensive technique, submitted at the same time, that can protect against the new vulnerability. Wickr makes a text messaging app for both Android and iOS that is designed to be secure and protect users’ privacy by shredding deleted files on users’ devices.
“The Wickr Bug Bounty Program is designed to encourage responsible security research in Wickr software. It is impossible to overstate the importance of the role the security research community plays in securing modern software. White-hats, academics, security engineers and evangelists have been responsible for some of the most cutting-edge, eye-opening security revelations to date. Their research speeds the pace of advancing security to the benefit of all. With this program and partnership, we pledge to drive constant improvement relating to the security interests of our users, with the goal of keeping Wickr the most trusted messaging platform in the world,” Robert Statica, co-founder of Wickr, wrote in a blog post announcing the bug bounty program.
Read more: http://threatpost.com/private-messaging-app-vendor-wickr-offers-hackers-100000-for-bugs/103634
Wickr’s bug bounty program is quite similar to the one announced last year by Microsoft. That program offers hackers up to $100,000 for new offensive techniques that can defeat the memory protections in the latest version of Windows. TheMicrosoft bug bounty program also offers $50,000 to researchers who develop a defensive technique that can stop an existing mitigation bypass.
Wickr is doing something similar, enticing hackers with a payment of up to $100,000 for submitting a new vulnerability “that substantially affects the confidentiality or integrity of user data.” The company also is offering additional cash for a defensive technique, submitted at the same time, that can protect against the new vulnerability. Wickr makes a text messaging app for both Android and iOS that is designed to be secure and protect users’ privacy by shredding deleted files on users’ devices.
“The Wickr Bug Bounty Program is designed to encourage responsible security research in Wickr software. It is impossible to overstate the importance of the role the security research community plays in securing modern software. White-hats, academics, security engineers and evangelists have been responsible for some of the most cutting-edge, eye-opening security revelations to date. Their research speeds the pace of advancing security to the benefit of all. With this program and partnership, we pledge to drive constant improvement relating to the security interests of our users, with the goal of keeping Wickr the most trusted messaging platform in the world,” Robert Statica, co-founder of Wickr, wrote in a blog post announcing the bug bounty program.
Read more: http://threatpost.com/private-messaging-app-vendor-wickr-offers-hackers-100000-for-bugs/103634
