PayPal Inc. announced a 'bug bounty' program, an update to the process it uses to solicit bug reports from security researchers.
The eBay unit says it based its new program on those of tech giants such as Facebook and Google.
"While a small handful of other companies have implemented bug bounties, we believe we are the first financial services company to do so," Michael Barrett, PayPal's chief information security officer, said in a post to PayPal's blog June 21.
Researchers should submit bug reports through the usual process, Barrett says. After the bug is categorized, vetted and fixed, a payment is made to the researcher's PayPal account.
"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong," he says. "It’s clearly an effective way to increase researchers' attention on Internet-based services and therefore find more potential issues."