Today, Netflix announced its public bug bounty program. Before opening this program, the company had a vulnerability disclosure program in place since 2013, and it has now grown that into the new program. Since the launch of the program back in 2013, the company has invited over 700 researchers to participate and has received 145 valid submissions. Now, the company’s new public program is on the Bugcrowd platform.
Many companies have their own bug bounty programs that aim to point out security flaws before they become a widespread issue. For example, following the Meltdown and Spectre fiasco, Intel opened up a program. Apple launched its bug bounty program back in 2016, and other companies like Google, Samsung and Twitter all have their own bug bounty programs too.
In terms of pay, Netflix is paying out $1,102 on average for valid submissions. It’s worth mentioning that it has paid as high as $15,000 before. If you’re interested in seeing the company’s payout scale, you can do so here. Netflix’s report acknowledgement time is 2.7 days, and researchers who find an issue that Netflix then fixes get added to the Security Researcher Hall of Fame.