Offering a bounty for bugs is a popular way for large corporations such as Google, Mozilla, Microsoft, PayPal and Facebook to find bugs, security threats, vulnerabilities and backdoors in their apps, browsers or software. These corporations have mighty deep pockets, however, while Wickr is just the new kid on the block. In fact, it has yet to break into the ranks of top-rated messaging apps like WhatsApp, Snapchat or WeChat. That does not make the reward any less appealing, especially with a bounty this high: the potential payoff is $100,000.
Wickr’s bug bounty program is quite similar to the one announced in November by Microsoft. Microsoft had offered up to $100,000 to hackers who discover ways to bypass the mitigations (defences or firewalls) in Microsoft software. Wickr is attempting something similar. It will pay up to $100,000 to any hacker who submits a new vulnerability in its app “that substantially affects the confidentiality or integrity of user data.”
In addition, Wickr will pay extra cash if the hacker submits a defensive technique that addresses the vulnerability he or she finds. This must be submitted along with the offensive technique that has the potential to leak user data.
Announcing the bounty, Robert Statica, co-founder of Wickr, wrote the following in a Wickr blog post:
“The Wickr Bug Bounty Program is designed to encourage responsible security research in Wickr software. It is impossible to overstate the importance of the role the security research community plays in securing modern software. White-hats, academics, security engineers and evangelists have been responsible for some of the most cutting-edge, eye-opening security revelations to date. Their research speeds the pace of advancing security to the benefit of all. With this program and partnership, we pledge to drive constant improvement relating to the security interests of our users, with the goal of keeping Wickr the most trusted messaging platform in the world.”
If you are a security analyst, ethical hacker, academic in the field of security or white-hat hacker, you can sign up for the Wickr program. The only condition is that once you submit a vulnerability, you cannot disclose it publicly for a period of three months.
The bounty program is open to citizens of all countries except those on the United States embargo list. Depending on what you find about any loopholes in Wickr, the payout will range from $10,000 to $100,000.