
Pinterest Launches Bug Bounty Program

Image-based social network Pinterest has launched a bug bounty program powered by the crowdsourced vulnerability disclosure platform Bugcrowd. Pinterest security engineer Paul Moreno announced the program in a blog post, which says: “We hope these updates will allow us to learn more from the security community and respond faster to Whitehats.”

In an effort to make the social media website bug-free, the company has launched an official bug bounty program and updated its responsible disclosure statement.

According to the bounty program policy, Pinterest currently offers only a Hall of Fame listing to researchers, and some reports are also eligible for “swag” (i.e., a shirt).

Regarding the bounty policy, Moreno also says:
"As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash."
This means that in the future Pinterest may pay researchers for their vulnerability reports.

The bounty program is valid for the main website (www.pinterest.com) along with the following subdomains: api.pinterest.com, about.pinterest.com, business.pinterest.com, blog.pinterest.com, help.pinterest.com, developers.pinterest.com and engineering.pinterest.com.

Researchers can report vulnerabilities via Bugcrowd to be eligible for the reward. Pinterest asks researchers to allow a reasonable amount of time for it to come up with a fix before making any information public, and to avoid unauthorized data access and service disruption while conducting tests.
