Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mega Vulnerability Reward Program Starts Payouts: 7 Bugs Fixed In First Week

Posted by timothy on from the paid-in-bitcoins-of-course dept.

An anonymous reader writes "If you're a hacker or a security researcher, this is a reminder that you don't have to take on Google's or Mozilla's software to get paid for finding a bug. In its first week, the Mega vulnerability reward program has already confirmed and fixed seven bugs, showing that Dotcom really does put his money where his mouth is. Although Mega hasn't shared how much money it paid out in the first week, how many bug submissions were made, or even who found which bugs, the company did briefly detail the discovered security holes. It also confirmed that the program is here to stay and urged those participating to find more severe bugs."

5 of 41 comments (clear)

  1. Good Work Kim by sidevans · · Score: 5, Interesting

    Lets hope it helps keeps those annoying federal police out of your servers.

    --
    I'm not signing anything
  2. New way to get software made cheap by Anonymous Coward · · Score: 5, Funny

    1. Pay unskilled programmers little money to quickly turn out software.
    2. Release software you know is completely buggy and insecure.
    3. Offer bounty for better programmers to find bugs at overall cheaper rate.

    1. Re:New way to get software made cheap by ACluk90 · · Score: 5, Interesting

      At least the bugs are fixed.

      And frankly, if this is the way yielding the best product for your money: Why not?

    2. Re:New way to get software made cheap by eksith · · Score: 5, Insightful

      1. Is sadly how a large number of shops turn out work. A lot of software is about brand name and marketing over quality. If it's closed source, you'll have no idea just how bad it is. Not saying open source is better, but at least someone can decide objectively whether it's rubbish or not when they can see the inner workings.

      2. Happens a lot, but not as often nowadays with very popular players. And a lot less when practically the whole world is looking at you. ME with Microsoft was probably the big poster child for this, but since then, they've been better (we'll skip Vista, since its biggest problem was making things that used to work, not work anymore)

      3. Is also what Google does. And frankly, it's a very good system. Provided the majority of programmers are still driven by ethos and bragging rights, the money's just icing on the cake. Of course, if they still value money more, then that's a problem for the original software makers since governments can afford to shell out more dough.

      The black market is very lucrative and there are very successful programmers in that world I.E. The Grugq. Now we can debate the ethics of the business, but in the end, they're just catering to demand. Killing supply doesn't work (case in point, the war on drugs), so that leaves the demand to be worked on by companies that care more about security and clients who push for it.

      --
      If computers were people, I'd be a misanthrope.
    3. Re:New way to get software made cheap by Gorshkov · · Score: 5, Insightful

      1. Pay unskilled programmers little money to quickly turn out software.

      1. Pay the best programmers you can find and give them the time and resources they need to turn out a top quality product.

      2. Release software you know is completely buggy and insecure.

      2. Release software after it has been tested in every way you can think of, and fix even the smallest bugs you can find.

      3. Offer bounty for better programmers to find bugs at overall cheaper rate.

      This step remains the same - because it doesn't matter who you hire, how good they are, or how much time they have - any significant software system is so complex that only a total idiot would assume there are no bugs.