Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal

Today we finally acknowledge the winners of the official bug bounty program awards 2014. We are happy that the manufacturers accepted the bug bounty award, as it was held for the first time. Next year, we will hold the presentations at a conference to make the event more stable. For the ceremony (content of award + name), we registered a tag reg in the EU and a little US patent.

This article contains two important interviews that became available. The first interview is with an official of the PayPal Inc bug bounty program and the second is with a Microsoft bug bounty program representative. We contacted the representatives of both companies after the public announcement of the three winners in the magazine. Both parties received an invitation letter to CeBIT 2015 in Hannover, Germany.

Winner of the Best Bug Bounty Program of the Year 2014

The first interview questions are answered by a representative of the official PayPal bug bounty program. In December 2014, PayPal Inc won the vote for the best bug bounty program of 2014. Mr. Dey is a security manager at PayPal Inc and is responsible for the official bug bounty program. Following the official invitation, the representative traveled to CeBIT 2015 in Hannover to accept the "Best Bug Bounty Program 2014" award.

(PayPal Inc) Sumanta Dey - Manager of Information Security

Vulnerability Labs: PayPal Inc decided to start the Bug Bounty Program in 2011 to 2012? Why?

PayPal Bug Bounty Team: Security has always been a top priority for PayPal. We have industry-leading fraud models and verification techniques, and a team of dedicated security professionals who work vigilantly around the clock to keep our customers’ information safe. However we recognize the important role passionate security researchers can play in helping us with that process, so we started the program in June 2012.

Vulnerability Labs: Did the official bug bounty program help the company to suffer less cyber damage (hacking, exploits, unauthorized access, phishing and co.)?

PayPal Bug Bounty Team: Our Bug Bounty program was established to identify and resolve potential vulnerabilities to help keep our customers safe, while at the same time building a community that enables researchers to benefit from their work. This program has been successful in many ways, and accomplished what we set out to do.

Vulnerability Labs: What were the most active countries that participated in the official bug bounty program of PayPal Inc?

PayPal Bug Bounty Team: We have a very large researcher community around the world, with active participants in more than 70 countries. However India is our most active.

Vulnerability Labs: What was a mature problem to the official bug bounty program team that has been solved?

PayPal Bug Bounty Team: Keeping our customers safe is our top priority, so we take every potential vulnerability seriously and treat it with focus and care. As our program has evolved so has our knowledge base, so as a whole our Bug Bounty program is stronger than ever.

Vulnerability Labs: Are you proud of the results of the independent security award nomination for your company (PayPal Inc)?

PayPal Bug Bounty Team: Yes, we are very proud of our program. We have a large – and growing – researcher community around the world that helps us uncover great finds. We attribute our great success to our Bug Bounty Team members and our researcher community. We’re always looking for great researchers, so for those interested in joining our program, they can email ebayincbugbounty@ebay.com or Google “PayPal Bug Bounty Program” for more information.

Vulnerability Labs: What are the future plans for the PayPal Inc bug bounty program?

PayPal Bug Bounty Team: Our research community continues to grow rapidly (it's already at more than 1,100 participants), and we're now looking at scaling our processes and other efforts to provide the best possible experience with all our great contributors.

Reference(s):

https://www.paypal-community.com/t5/PayPal-Forward/PayPal-Wins-Best-Bug-Bounty-Program-Award/

http://www.vulnerability-lab.com/list-of-bugbounty-program-year.php

Winner of the Best Upcoming Bug Bounty Program of the Year 2014

The second interview questions are answered by representatives of the official Microsoft online bug bounty program. The Microsoft bug bounty program became available to public security researchers in Q1 2014. In December 2014, the Microsoft Corporation won the vote for the best upcoming bug bounty program of 2014.

(Microsoft Corporation) Akila Srinivasan - Security Program Manager & Jason Shirk - Principal Security Manager

Vulnerability Labs: How many researchers successfully participated in the official Microsoft corporation "online-services" bug bounty program?

Microsoft Bug Bounty Team: Microsoft has rewarded 34 researchers, some with multiple bounties. Over 100 researchers have participated in the Online Services Bounty program to date.

Vulnerability Labs: What is the highest payment processed by the Microsoft "online-service" bug bounty program in 2014?

Microsoft Bug Bounty Team: The highest payment processed under the Online Services program is $5000 (USD). However, we have also awarded $125,000 (USD) for a single report under Mitigation Bypass Bounty and Bounty for Defense. Please see the Bounty Honor Roll for additional information on bounty recipients.

Vulnerability Labs: What is the most critical/severe Vulnerability that has been resolved through the bug bounty program?

Microsoft Bug Bounty Team: The highest Online Services bug bounty paid to date was for an authentication issue (auth bypass).

Vulnerability Labs: Are you proud of the results of the independent security award nomination for your company (Microsoft Corporation)?

Microsoft Bug Bounty Team: We are pleased and humbled to be recognized by Vulnerability Labs for our Online Services Bounty program. This kind of external positive feedback is appreciated for a program that was designed to help keep our customers more secure.

Vulnerability Labs: Did the official bug bounty program help the company to suffer less cyber damage (hacking, exploits, unauthorized access, phishing and co.)?

Microsoft Bug Bounty Team: Enlisting the help of the security research community has brought attention to a number of unique issues, which we’ve been able to respond to.

Vulnerability Labs: What are the future plans in the Microsoft online bug bounty program? And is an expansion in planning?

Microsoft Bug Bounty Team: We have plans for expanding the Microsoft bug bounty program. Stay tuned for future announcements in the coming weeks.

Reference(s):

https://technet.microsoft.com/en-us/library/dn425036.aspx

http://www.vulnerability-lab.com/list-of-best-upcomings-bugbounty-program.php

Winner of the Best Bug Bounty Issue (Vulnerability Report) of the Year 2014

The third part of the article is about Ateeq ur Rehman Khan, a security consultant from Pakistan. He has already worked in the IT security sector for about 5 years. Due to his participation in several bug bounty programs like PayPal, Microsoft and Yahoo, he discovered a Mozilla zero-day vulnerability in 2014.

The vulnerability was marked as critical and had a deeper impact on the Gecko core engine of the browser. Ateeq won the best vulnerability of 2014 award for disclosing the well-known wiretap vulnerability in Mozilla Thunderbird. To refresh your memory, we embed the video that demonstrates the impact of his vulnerability report.

Advisory: http://www.vulnerability-lab.com/get_content.php?id=953

Thanks to all the manufacturers for accepting the award. We are proud of the first bug bounty award to manufacturers and we will successfully continue the project to the end of the year (2015). The next ceremony of the bug bounty program award will be at a stable security conference, with invitations sent 2 months ahead.

Read Article(s):

http://www.vulnerability-lab.com/list-of-bug-bounty-programs.php

http://www.vulnerability-lab.com/list-of-best-bugbounty-issues-year.php

http://magazine.vulnerability-db.com/?q=articles/2015/02/01/announcement-winners-best-bug-bounty-program-best-upcoming-program-best-issue

http://magazine.vulnerability-db.com/?q=articles/2015/01/12/bug-bounty-programs-manufacturer-award-31st-january-2015
