Mega has been available for a few weeks now, but the cloud storage service is still getting attention. A short while ago, Kim Dotcom promised to start a security vulnerability rewards program, after the site had seen quite a lot of scrutiny from security experts.
Now, Mega is reporting on the first bugs found and patched via this program. Seven vulnerabilities were fixed
in total, some more serious than others.
Mega also listed six types of vulnerabilities that it will be rewarding people for, grouped based on their severity, with level six being the most dangerous. The most serious vulnerability fixed in the first round was a level four.
The program is here to stay, so expect more of these vulnerabilities to be discovered and fixed in time. Mega didn't reveal who found the bugs and how much it's paying for them, which may be a bit of a problem for the people looking for them.
For the experts, getting their names recognized is as important as or maybe even more important than the money they make from these programs.
Dotcom has confirmed
that one researcher, Frans Rosén got €1,000 or $1,337 for an XSS vulnerability. Incidentally, that's exactly how much Google pays for this type of vulnerability as well.