Vulnerability Management

Adobe’s new bug bounty program rewards researchers with HackerOne rep scores

Adobe launched a web application vulnerability disclosure program earlier this week with rewards coming in the form of a boosted reputation score on HackerOne.

No cash rewards will be doled out as of right now, a blog post on the program says. To receive credit for a finding, researchers must be the first one to report the vulnerability and provide enough time to patch the bug before publicly disclosing it.

Eligible web application vulnerabilities include cross-site scripting, server-side code execution, authentication or authorization flaws, and directory traversal, among others.

Any vulnerabilities affecting Adobe desktop products, such as Flash Player, or enterprise on-premise solutions need to be reported via email to the Product Incident Response Team, according to a HackerOne blog post.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.