Microsoft, Facebook unite for Internet Bug Bounty program

The companies are teaming up to reward people who find vulnerabilities in certain Web applications. Among the challenges? Hack the Internet.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney

Track down a security hole on the World Wide Web, and you could earn as much as $5,000.

Sponsored by Microsoft and Facebook, the Internet Bug Bounty challenges you to hack your way into such critical Web platforms as OpenSSL, PHP, Perl, and Apache. One challenge even invites you to hack the Internet itself, meaning finding a bug that affects a wide range of products and users.

"If the public is demonstrably safer as a result of your contribution to internet security, we'd like to be the first to recognize your work and say 'thanks' by sending some cash to you or your favorite non-profit," the site promises.

The bounty varies depending on which platform you hack. Finding a security hole in Apache can earn you $500, while taking on the whole Internet can add $5,000 to your bank account. A panel comprising people from Microsoft, Facebook, and Google will judge which hacks are reward-worthy.

Microsoft already offers its own cash prizes for those who uncover security holes. But a bounty offer team-up among the three tech rivals is something new.

The program is the brainchild of Facebook Product Security Lead Alex Rice, according to Reuters. Rice said he came up with the idea one day after having drinks with Katie Moussouris, who runs Microsoft's bounty program, and Chris Evans, who is part of Google's Chrome browser security team.