Image-based social network Pinterest has launched a bug bounty program powered by the crowdsourced-driven vulnerability disclosure platform Bugcrowd.
Pinterest has a team of people dedicated to finding and fixing bugs, and it has also collaborated with external security experts to ensure that the platform is secure, the company said. In an effort to make the social media website bug-free, the company has now launched an official bug bounty program, and updated its responsible disclosure statement.
“We hope these updates will allow us to learn more from the security community and respond faster to Whitehats,” Paul Moreno, a security engineer at Pinterest, noted Tuesday in a blog post.
For the time being, security experts and researchers who report vulnerabilities are only mentioned in the company’s hall of fame, and rewarded with Kudos points, which can be used to access private bounties where only the top researchers are invited. Some reports are also eligible for “swag” (i.e., a shirt).
“This is just the first step,” Moreno added. “As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash.”
Through the new program, bounty hunters can report security holes found in the main website, www.pinterest.com, and the following subdomains: api.pinterest.com, about.pinterest.com, business.pinterest.com, blog.pinterest.com, help.pinterest.com, developers.pinterest.com and engineering.pinterest.com.
Those who identify flaws are asked to provide enough details to reproduce the vulnerability, give Pinterest a reasonable amount of time to come up with a fix before making any information public, and avoid unauthorized data access and service disruption while conducting tests.
In return, Pinterest promises to send a confirmation when receiving reports, provide an estimate of how long the fix will take, and inform the reporter of when the vulnerability is fixed.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Latest News
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
