Researchers are provided with a centralized submissions tool

Feb 17, 2014 12:14 GMT  ·  By

eBay had decided to combine its bug bounty programs. From now on, security researchers who want to report vulnerabilities in PayPal or Magento will have to submit their reports in the eBay Bug Bounty Program.

In an email sent out to security researchers who have contributed to the bug bounty programs, eBay has revealed that it’s providing white hat hackers with a centralized tool that they can use to submit bugs.

“By combining our programs, researchers will now have a more streamlined and simplified way to submit and get updates on [their] bugs,” the email reads.

The new tool provides researchers with a template that they can use to submit their exploits. This will replace the email submission process. The tool also allows participants to search their bug submissions.

In order to start utilizing the tool, experts must register with their eBay user ID and PayPal account. After registration, researchers can authenticate with their eBay user ID.

Questions regarding the bug bounty programs must be sent to [email protected].

Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab, has submitted numerous vulnerability reports to eBay. He believes the decision to combine the bug bounty programs is a good one.

“I think the fusion of the both programs makes sense because every company combines its own resources to become more effective at the end,” Mejri told Softpedia in an emailed statement.

“The issues will be validated fast and well-coordinated to ensure customers are more secure in the future. We look forward to continuing the research exchange partnership with PayPal and eBay in 2014,” he added.

Hat tip to Benjamin Kunz Mejri for informing us of the changes in the bug bounty programs.