Image-based social network Pinterest has launched a bug bounty program powered by the crowdsourced-driven vulnerability disclosure platform Bugcrowd.
Pinterest has a team of people dedicated to finding and fixing bugs, and it has also collaborated with external security experts to ensure that the platform is secure, the company said. In an effort to make the social media website bug-free, the company has now launched an official bug bounty program, and updated its responsible disclosure statement.
“We hope these updates will allow us to learn more from the security community and respond faster to Whitehats,” Paul Moreno, a security engineer at Pinterest, noted Tuesday in a blog post.
For the time being, security experts and researchers who report vulnerabilities are only mentioned in the company’s hall of fame, and rewarded with Kudos points, which can be used to access private bounties where only the top researchers are invited. Some reports are also eligible for “swag” (i.e., a shirt).
“This is just the first step,” Moreno added. “As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash.”
Through the new program, bounty hunters can report security holes found in the main website, www.pinterest.com, and the following subdomains: api.pinterest.com, about.pinterest.com, business.pinterest.com, blog.pinterest.com, help.pinterest.com, developers.pinterest.com and engineering.pinterest.com.
Those who identify flaws are asked to provide enough details to reproduce the vulnerability, give Pinterest a reasonable amount of time to come up with a fix before making any information public, and avoid unauthorized data access and service disruption while conducting tests.
In return, Pinterest promises to send a confirmation when receiving reports, provide an estimate of how long the fix will take, and inform the reporter of when the vulnerability is fixed.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
