Netflix Launches Public Bug Bounty Program

Netflix announced on Wednesday the launch of a public bug bounty program with rewards of up to $15,000, and Dropbox has made some changes to its vulnerability disclosure policy, promising not to sue researchers.

Netflix has had a vulnerability disclosure policy for the past 5 years and a private bug bounty program since September 2016. The company has now decided to make its bug bounty initiative public through the Bugcrowd platform.

Its vulnerability disclosure policy and private bug bounty have helped Netflix patch 190 vulnerabilities. The private program started with 100 of Bugcrowd’s top researchers, but more than 700 white hat hackers were later invited in preparation for the public program.

Researchers can earn between $100 and $15,000 for flaws affecting one of several Netflix domains and the mobile applications for iOS and Android. The company claims the highest reward paid out to date is $15,000 for a critical security hole.

The types of vulnerabilities that can be submitted include cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection, authentication and authorization, data exposure, remote code execution, redirection, business logic, MSL protocol, and mobile API issues. Netflix says it acknowledges vulnerability reports, on average, in less than 3 days.

“Engineers at Netflix have a high degree of ownership for the security of their products and this helps us address reports quickly,” Netflix said in a blog post. “Our security engineers also have the autonomy and freedom to make reward decisions quickly based on the reward matrix and bug severity. This ultimately helps create an efficient and seamless experience for researchers which is important for engagement in the program.”

Dropbox makes changes to vulnerability disclosure policy

Dropbox has not set a maximum amount of money that researchers can earn through its HackerOne-based bug bounty program. To date, the company has paid out more than $200,000 for over 220 vulnerabilities.

However, the changes made by the company are not related to bounty amounts; instead they focus on the vulnerability disclosure policy and on assuring researchers that they will not be sued even if they accidentally violate the program's terms.

Several researchers have faced lawsuits recently over vulnerability disclosures, and Dropbox wants to help avoid such situations. The company has promised “to not initiate legal action for security research conducted pursuant to the policy, including good faith, accidental violations.”

Dropbox says it will allow researchers to publish the details of the vulnerabilities they find, and will not file Digital Millennium Copyright Act (DMCA) action against them as long as their activities are consistent with the company’s vulnerability disclosure policy.

The new policy includes a clear statement that research constitutes “authorized conduct” under the controversial Computer Fraud and Abuse Act (CFAA). Furthermore, as long as the researcher complies with Dropbox’s policy, the company will clearly state that their actions were authorized in case of a lawsuit initiated by a third party.

“We’re also happy to announce that all of the text in our VDP is a freely copyable template,” Dropbox said. “We’ve done this because we’d like to see others take a similar approach. We’ve put some effort into this across our legal and security teams and if you like what you see, please use it.”

Related: Netflix Releases Open Source Security Tool "Stethoscope"

Related: Keeper Sues Ars Technica Over Reporting on Critical Flaw

Related: Netflix Helps Identify APIs at Risk of Application DDoS Attacks

Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.