While Facebook and Microsoft already run security bug bounty programs of their own, the two companies are now working together to reward researchers who can find flaws in some of the underlying technologies behind online communications.
The Internet Bug Bounty program will pay a minimum for $5,000 for flaws in sandboxed applications or for bugs in fundamental internet technologies such as DNS and SSL. Lower payouts are offered for spotting problems in Ruby, Python, PHP, Apache, Perl, and other software.
“Our collective safety is only possible when public security research is allowed to flourish. Some of the most critical vulnerabilities in the internet’s history have been resolved thanks to efforts of researchers fueled entirely by curiosity and altruism,” the two companies said on the bounty program’s website.
“We owe these individuals an enormous debt and believe it is our duty to do everything in our power to cultivate a safe, rewarding environment for past, present, and future researchers.”