Adobe launches cashless bug bounty
2015-03-06 09:56 by Daniela
Tags: Adobe, security
Adobe has launched its own program that encourages hackers to find vulnerabilities in the company's products. The program runs on the bug bounty platform HackerOne and is limited to vulnerabilities affecting Adobe online services or its web properties.
HackerOne is also used by Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security bugs. However, unlike other tech giants, Adobe only offers public recognition for such contributions. Researchers who find vulnerabilities in Adobe's software will boost their HackerOne reputation score.
Bugs of interest include cross-site scripting, server-side code execution, injections, authentication flaws and security misconfiguration. Low-severity cross-site request forgery, password reset issues, missing HTTP security headers and cookie flags, as well as clickjacking on static pages, are excluded from the program.
"Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score," Pieter Ockers, security program manager at Adobe, said. "We invite security researchers to view the disclosure guidelines available here."
"All vulnerabilities affecting Adobe desktop products (ex. Flash Player and Adobe Reader), or enterprise on-premise solutions should be reported via email to the Product Security Incident Response Team [PSIRT@adobe.com]," the company made sure to add.