Netflix opens public bug bounty

Up to US$15,000 on offer for critical flaws.

Streaming giant Netflix has launched a public bug bounty program in partnership with Bugcrowd to encourage security researchers to hunt down flaws in its platform.

Netflix first started a "responsible vulnerability disclosure program" in 2013 to enable researchers to report issues, and has been operating a private bug bounty program with Bugcrowd since 2016.

It said it has received and addressed 190 reports since the introduction of the 2013 program, and has grown its Bugcrowd partnership from 100 researchers to 700 in preparation for the launch of the public bug bounty today.

"We have attempted to fine-tune things like triage quality, response time and researcher interactions to build a quality program that researchers like to participate in," Netflix said in a post.

The biggest payout in the private program was $15,000 for an unspecified critical vulnerability, Netflix said. It has so far received 145 valid reports.

Its public program is offering bounties ranging from US$100 to US$15,000 depending on severity.

It is encouraging researchers to focus their attention on cross-site scripting and request forgery, SQL injection, authentication and authorisation issues, data exposure, redirection attacks, remote code execution, mobile API vulnerabilities, and "particularly clever vulnerabilities or unique issues that do not fall into explicit categories".

"We are so excited to launch our public program and we hope to expand our researcher community," Netflix said.
