Twitter awarded bug bounty hunters $322,420 over two years

The highest amount anyone ever got was $12,040.

Sponsored Links

Mariella Moon
May 28, 2016 2:34 AM
In this article: bugbounty, gear, security, twitter
Twitter awarded bug bounty hunters $322,420 over two years

A total of 1,662 researchers earned some cash from Twitter's bug bounty program since it launched in May 2014. Twitter has revealed that it received 5,171 reports and that it paid out a total of $322,420 over two years' time. The smallest amount anyone ever got was $140, while the biggest was $12,040. Although bug hunting for Facebook sounds much more lucrative -- the social network spent a million dollars within the first two years of its own program and awarded some researchers over $100,000 each -- a single bug hunter for Twitter did make $54,000 in 2015.

Not to mention, the microblogging website has a standing offer of $15,000 for anyone who discovers a vulnerability that leaves it open to remote code executions. Twitter says it hasn't received any yet, but that's good news for the company. Besides talking about all the money that changed hands for the program, Twitter also revealed that only 20 percent of fixed bugs have been publicly disclosed. It says the company only discloses flaws "after they've been fixed, at the request of the researcher." If you're wondering what kind of vulnerabilities bounty hunters come across, Twitter lists some of the researchers' most notable finds in the same post.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Popular on Engadget