Slashdot Mirror


Mega Vulnerability Reward Program Starts Payouts: 7 Bugs Fixed In First Week

An anonymous reader writes "If you're a hacker or a security researcher, this is a reminder that you don't have to take on Google's or Mozilla's software to get paid for finding a bug. In its first week, the Mega vulnerability reward program has already confirmed and fixed seven bugs, showing that Dotcom really does put his money where his mouth is. Although Mega hasn't shared how much money it paid out in the first week, how many bug submissions were made, or even who found which bugs, the company did briefly detail the discovered security holes. It also confirmed that the program is here to stay and urged those participating to find more severe bugs."

3 of 41 comments

  1. Good Work Kim by sidevans · · Score: 5, Interesting

    Let's hope it helps keep those annoying federal police out of your servers.

    --
    I'm not signing anything
  2. Re:New way to get software made cheap by ACluk90 · · Score: 5, Interesting

    At least the bugs are fixed.

    And frankly, if this is the way yielding the best product for your money: Why not?

  3. Bounties for more than security bugs by Mandrel · · Score: 1, Interesting

    It's disappointing that software makers seem to only ever offer bounties for security bugs, rather than for all types of bugs and for ideas to improve the software. Don't worry if the software is a POS to use — no-one can misuse it!

    Bounties for ideas and general fixes are feasible if contributors must agree that the company takes ownership of any submitted ideas, and that no compensation should be expected. Payments are totally at the company's discretion. This should cover the legal worries that currently make such payments very rare.

    At the same time a company would be smart to provide monetary rewards that acknowledge suggestions that have clearly benefited the company. It's good business, and good PR.