Adobe launched a web application vulnerability disclosure program earlier this week with rewards coming in the form of a boosted reputation score on HackerOne.
No cash rewards will be doled out as of right now, a blog post on the program says. To receive credit for a finding, researchers must be the first one to report the vulnerability and provide enough time to patch the bug before publicly disclosing it.
Eligible web application vulnerabilities include cross-site scripting, server-side code execution, authentication or authorization flaws, and directory traversal, among others.
Any vulnerabilities affecting Adobe desktop products, such as Flash Player, or enterprise on-premise solutions need to be reported via email to the Product Incident Response Team, according to a HackerOne blog post.