Netflix has launched a public bug bounty program, giving security researchers an opportunity to find vulnerabilities in its entertainment platform while getting paid up to $15,000.
Netflix has run this program privately since 2013. This year, however, the entertainment streaming company is opening it to the general public. The company has collaborated with Bugcrowd, a crowdsourcing security platform, to manage and evaluate submissions. A clear set of rules has been defined to determine eligibility for a payout.
Bounty hunters have to follow a set of guidelines that strictly state they cannot access non-public data or information about users and employees. Researchers may only target their own accounts to investigate a vulnerability. Hacking and stealing an unreleased Netflix show is a no-go area. However, pulling off remote code execution may get researchers a bounty of between $100 and $15,000, depending on the vulnerability. To foster the notion of responsible disclosure, Netflix will not pursue a lawsuit against a researcher who follows the guidelines.
In addition to the bounty awarded, researchers with valid submissions have the incentive of working with Netflix to resolve the vulnerabilities identified. If Netflix makes a configuration or code change based on the report that came first, the researcher will be recognized and added to the Security Researcher Hall of Fame.
Netflix has received over 275 submissions since the program launched. However, only 145 have been deemed valid, spanning a number of criticality levels across the platform’s services. These submissions have enabled Netflix to identify improvements in systemic security across its ecosystem and improve its external security.
The bug bounty program indicates that Netflix is making rigorous efforts to secure its systems against hackers. Last year, Microsoft and Google also announced similar programs. In the past, Pakistani bounty hunter Rafay Baloch has scored bounties for identifying vulnerabilities in the Google Chrome and Firefox browsers.