Adobe Inviting Researchers to Private Bug Bounty Program

Adobe on Wednesday called out for all researchers on the HackerOne vulnerability reporting platform to join its VIP private bug bounty program.

The private program builds on the public Vulnerability Disclosure Program (VDP) that Adobe runs on the hacker-powered platform and promises higher rewards for the identified vulnerabilities and tighter collaboration with the research community.

Maintained by Adobe’s Product Security Incident Response Team (PSIRT), the VIP program will reward researchers helping the company identify and quickly address issues in a broad range of products.

Over the past year, the company has added all Adobe desktop and mobile applications to the private program and doubled the maximum bug bounty rewards, which are now paid out faster to the reporting researchers.

Additionally, Adobe is running monthly bounty multiplier campaigns as part of the VIP program, including a bonus campaign that rewards researchers for proof-of-concept (PoC) demonstrations exploiting new vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog on Adobe’s products.

“As a member of Adobe-VIP, you’ll have the opportunity to work closely with our world-class team of security experts to help safeguard the digital experiences of millions of people around the globe, and on a much wider set of products than in our public program,” the company notes.

The company’s public program currently covers vulnerabilities in Adobe Commerce, Commerce B2B, and Magento and offers bug bounty rewards of up to $10,000 for critical-severity issues.

Qualified security researchers interested in joining Adobe’s VIP private bug bounty program need to submit an application.

Related: Adobe Patches 14 Vulnerabilities in Substance 3D Painter

Related: Adobe Plugs Gaping Security Holes in Reader, Acrobat

Related: Adobe Acrobat Sign Abused to Distribute Malware