Tor prepares a Bug Bounty program that will reward those who find bugs, Intending to encourage developers and stakeholders to find vulnerabilities in its platform and the style of other strategies followed by companies like Microsoft, Google and Paypal; Tor is preparing a rewards program that will reward those who detected.
In particular it will launch tomorrow, coinciding with the New Year, although initially only be available for a few guests. In hindsight, though, it will be made public so that all stakeholders can qualify for the incentives.
A Bug Bounty program
In this way and as part of a presentation on the “State of Onion” at the Chaos Communication Congress in Hamburg, Nick Mathewson, co-founder of the organization, referred to the need for this kind of initiative. “We are very grateful to people that has been fixed in our code for years, but the only way to keep improving is to get more people involved, “he stated.
To achieve this will rely on the services of HackerOne a specialized platform that allows companies to test their programs and challenges to programmers and researchers to take on new challenges in this regard. The rates are handled in this area, in fact, are certainly attractive, but range depending on the company involved from a few hundred dollars to tens of thousands as in the case of Facebook, In 2014, Facebook paid a total of $1.3 million in bounties.
An approach that contrasts sharply with other usual practices such as, for example, those hackers that instead of informing the affected company is vulnerable, takes the opportunity to sell this information one other data that may have access to government, business . “This program will encourage people to look at our code, find flaws in it, and help us to improve it,” Mathewson said.