PayPal has recently made some changes to its official bug bounty program. The company hasn’t announced anything officially, but security researcher and CEO of Vulnerability Lab Benjamin Kunz Mejri has notified us of the changes.
Kunz Mejri believes the new model implemented by PayPal is more transparent.
“Security issues will no longer be unpublic and researchers will not stay in the dark anymore,” the expert told us.
There are two sections in which researchers are credited: the honorable mention section, and the wall of fame.
The PayPal wall of fame lists the names and organizations of the top 10 researchers who reported vulnerabilities in a specific quarter.
Additionally, PayPal now shows the payout ranges for various vulnerabilities included in the bug bounty program.
According to the expert, Barracuda Networks have also made some small changes to their bug bounty program. They’ve introduced three levels of contributions: gold, silver and bronze.
The gold and silver levels credit researchers who have reported vulnerabilities included in the bug bounty program, while the bronze level credits researchers who have reported issues that fall outside the program.