Adobe enters bug hunting programme

Adobe is now offering recognition – but not money – to hackers who find security flaws in its software.

The company has joined the HackerOne forum to tap the external community of technical experts able to exploit weaknesses in its code. A blog post on 4 March said the move recognised the “important role that independent security researchers play”.

The rules are simple. The hunt is limited to web applications. Those who are the first to report a non-trivial vulnerability (a list of trivial ones is provided), and who wait for Adobe to rectify it before they go public, are awarded recognition points.

Adobe’s decision not to offer cash bounties is likely to attract a different breed of bug hunter to those buzzing around other Silicon Valley properties. Last year, Facebook paid out $1.3 million in bug bounties, with the top five earners netting over $250,000 between them. India contributed the single largest number of bug reports by territory, followed by Egypt, the US, the UK and the Philippines.

Google paid out even more, with $1.5 million going to researchers. Its largest single award was $150,000, which also earned the bounty-hunter an internship with the company.

Featured

More
articles

Celebrating Achievement of Finalist in the North America Software Testing Awards 2023!

Here are the North American Software Testing Awards of 2022!

Website

Our Sites

Products

Newsletter

Your form has been submitted

More articles

Celebrating Achievement of Finalist in the North America Software Testing Awards 2023!

Uptake of cloud and M2M implementations in global smart plants market

Here are the North American Software Testing Awards of 2022!

Your form has been submitted

More
articles