Protecting its sellers is the company's top priority

Aug 11, 2014 23:39 GMT

Bug bounty programs have proved to be a sound investment numerous times, and mobile payments firm Square, which has grown its business and made protecting its customers a priority, has initiated such a program to improve their security.

“With so many sellers relying on Square to run and grow their business, we’ve made protecting them a priority. We monitor every transaction from swipe to payment, innovate in fraud prevention, and adhere to industry-leading standards to manage our network and secure our web and client applications. We protect our sellers like our own business depends on it — because it does,” said Neal Harris, head of the application security team at Square, in a post announcing the company’s security bug bounty initiative.

Square chose HackerOne as the platform for the program. HackerOne offers complete management of the disclosure of security vulnerabilities so that the entire process is completed smoothly and efficiently.

Square's page for the program gives detailed information on which bugs are eligible, what information needs to be passed to the company's security team, and the disclosure policy that applies for being awarded the payment. At the moment, Square lists a minimum bounty of $250 / €187.

It appears that the famous security expert Dino Dai Zovi has been brought on board. He is a frequent speaker at large security conferences, such as DefCon, BlackHat, and CanSecWest, and has authored books on hacking and software security testing.

He is also one of the co-founders of the Pwnie Awards, the security industry’s recognition of excellence and incompetence in the discovery of flaws and in the response to address them.