The Latest in IT Security

Pinterest Launches Bug Bounty Program

29
May
2014

Image-based social network Pinterest has launched a bug bounty program powered by the crowdsourced-driven vulnerability disclosure platform Bugcrowd.

Pinterest has a team of people dedicated to finding and fixing bugs, and it has also collaborated with external security experts to ensure that the platform is secure, the company said. In an effort to make the social media website bug-free, the company has now launched an official bug bounty program, and updated its responsible disclosure statement.

“We hope these updates will allow us to learn more from the security community and respond faster to Whitehats,” Paul Moreno, a security engineer at Pinterest, noted Tuesday in a blog post.

For the time being, security experts and researchers who report vulnerabilities are only mentioned in the company’s hall of fame, and rewarded with Kudos points, which can be used to access private bounties where only the top researchers are invited. Some reports are also eligible for “swag” (i.e., a shirt).

“This is just the first step,”Moreno added.”As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash.”

Through the new program, bounty hunters can report security holes found in the main website, www.pinterest.com, and the following subdomains: api.pinterest.com, about.pinterest.com, business.pinterest.com, blog.pinterest.com, help.pinterest.com, developers.pinterest.comand engineering.pinterest.com.

Those who identify flaws are asked to provide enough details to reproduce the vulnerability, give Pinterest a reasonable amount of time to come up with a fix before making any information public, and avoid unauthorized data access and service disruption while conducting tests.

In return, Pinterest promises to send a confirmation when receiving reports, provide an estimate of how long the fix will take, and inform the reporter of when the vulnerability is fixed.

Tweet

Previous Columns by Eduard Kovacs:Pinterest Launches Bug Bounty ProgramHackerOne Secures $9 Million, Appoints Katie Moussouris Chief Policy OfficerTrueCrypt Is Not Secure, Developers WarnMicrosoft Launches Security Bulletin Customization Service Industry Speaks: Chinese Hackers Should Not be Banned From US Security Conferences

sponsored links

Tags: NEWS INDUSTRY

Vulnerabilities

Comments are closed.

Categories

SATURDAY, SEPTEMBER 26, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments