Netflix bug bounty program offers top rewards of $15,000
As much as we'd like to think otherwise, no software is free of security issues. That's why it's important for tech companies to play an active role in finding and fixing as many bugs as possible before they're exploited. Implementing a bug bounty program can be very effective, as the product is exposed to various testing mindsets and approaches which can uncover some nasty surprises.
Netflix, which has over 100 million users across the globe, today introduces its first bug bounty program that's open to the public, with rewards that can reach $15,000 for the most valuable findings that security researchers report.
"We started our program with a more limited scope and 100 of Bugcrowd’s top researchers," says Netflix. The video streaming service received 275 reports, 145 of which were proved to be "valid submissions." Netflix claims that "they have helped [it] improve [its] external security posture and identify systemic security improvements across [its] ecosystem."
Netflix indicates that the maximum reward it has offered so far may not be set in stone. It's possible that a much more damaging vulnerability could be worth more to the company. "Our security engineers also have the autonomy and freedom to make reward decisions quickly based on the reward matrix and bug severity," explains Netflix.
It's worth noting that Netflix is not the only entity interested in finding vulnerabilities pertaining to its service, as others would happily pay for a way into its systems. A severe vulnerability could expose customer information, affect the availability of the service and more.
Netflix is quick to point out that security researchers who submit bug reports should expect to hear back within a couple of days. The average response time is 2.7 days, it says. The minimum reward is $100, per Netflix's bug bounty program landing page, so even lower-level findings are appreciated.