Encrypted messaging app Wickr is inviting hackers to hack its app for money.
The company announced its version of a bug bounty program today saying it will pay out up to $100,000 for an individual vulnerability “that substantially affects the confidentiality or integrity of user data.” If you can figure out how to plug the hole or provide interesting enough “defense techniques,” Wickr may also pay you for that information.
Facebook, Google, Yahoo, and Microsoft all support their own versions of a bug bounty program. In August, Google announced that it had paid out over $2 million in bug rewards. The news came soon after Facebook announced that it hit $1 million paid out to bug hunters.
Yahoo recently changed its rewards policy from t-shirts to $15,000 for a vulnerability — probably a good swap. No one likes to look cheap.
Wickr has a special connection to the hacker community through its co-founder Nico Sell, who has been deeply involved with Def Con for years. Sell is often referred to as the “press ninja” at the conference, which has hosted over 10,000 hackers at its relatively gritty Vegas gathering. Wickr says it has otherwise invited professional penetration testers to come in and check out the app’s security as well.
A penetration testing company will often come in and do the work of a bug hunter under a more professional umbrella. They are trained to search for defects in both your digital and physical security. A number of black hat hackers turned white hat have opened companies of this nature including famed 90s hacker Kevin Mitnick.
Wickr says that anyone reporting bugs within this program will not be allowed to disclose them to third parties within a three-month grace period in which the company can review and patch the issue. You can submit bugs to firstname.lastname@example.org.