Bounty bounty programs have been gaining popularity in the cybersecurity landscape in recent years. And Cloudflare, the network infrastructure and internet protection company, announced its own public vulnerability detection initiative.
Flaws discovered and reported to Cloudflare will be rated by the company’s developer team according to the CVSS3 vulnerability severity index. And the higher the risk level, the greater the reward the developer responsible for the discovery will receive, with amounts ranging from $100 to $3,000.
The new version of the program is now available, having been launched last Tuesday (01). Information about the initiative, as well as tools and guides on how to hunt bugs are being made available on the HackerOne platform, known for other similar projects.
Want to stay on top of the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!
Other Cloudflare Bug Hunting Initiatives
Cloudflare’s new public program is actually a new version of a system created by the company in 2014 that allowed developers to submit their findings in terms of vulnerabilities to their IT sector — but which did not award any findings.
The previous program received about 1,190 failure reports, but only 13% of them were valid, due to the volunteers’ difficulty in understanding how the platform and its products worked.
In addition, in 2018 Cloudflare opened a private rewards program, exclusively for IT researchers, which continues to this day. In total, US$ 211 thousand were distributed as prizes for discovering vulnerabilities on the platform.
Both Cloudflare’s new and researcher-only program will co-exist, and more information about both initiatives can be found on the company’s official website.