Reddit takes bug bounty program public

Steve Huffman CEO at Reddit, delivers remarks during the Web Summit in Altice Arena on November 08, 2017 in Lisbon, Portugal. (Photo by Horacio Villalobos – Corbis/Getty Images)

Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure.


“We’ve seen great engagement and success to date, having awarded $140,000 in bounties across 300 reports covering the main reddit.com platform, which worked well for our limited scope during the private program,” the company said in a press release. “With our continued growth and visibility, we’re now ready to make the program public and expand participation to anyone wanting to make a meaningful security impact on Reddit.”


Reddit security wizard Spencer Koch said the company has always leveraged the community to help find and fix bugs in the platform; that’s how the company found several of its engineers over the years. Koch said the security team started back in 2018 when Reddit formalized its private bug bounty program. As Reddit grew in size and influence over the years, it scaled the program by expanding its scope, improving bounty payouts, and supporting security researchers with context and insight into how Reddit works.


Spencer said that when a hacker finds a bug, the security team does an initial triage to gauge its severity; otherwise, it will let HackerOne’s triage service do the initial screening, reproduction info ..