News

Netflix Opens Bug Bounty Program Worth Up to $15,000 USD

Using Hacking Skills for Good (and Profit)

Netflix has launched their public bug bounty program, offering $1oo to $15,000 USD (hard cap) for each find. The invitation is open to everyone including researchers and white hat hackers to try and find vulnerabilities in their platform. Netflix has actually been accepting security reports from hackers and patching bugs for the past five years. However, this bug bounty scheme is moving from private to public and is being hosted on the Bugcrowd platform.

With Netflix having over 117 million members worldwide, keeping the platform secure is just going to get tougher. Which is why opening up the bounty program to the greater public is an ideal move. Furthermore, it helps Netflix strengthen community involvement. There are of course, some rules to consider to be eligible.

What Guidelines Must Bug Bounty Hunters Abide By?

Netflix requires that researchers abide by the following:

  • Do not access customer or employee personal information, pre-release Netflix content, or Netflix confidential information. If you accidentally access any of these, please stop testing and submit the vulnerability.
  • Stop testing and report the issue immediately if you gain access to any non-public application or non-public credentials.
  • Do not degrade the Netflix user experience, disrupting production systems, or destroy data during security testing.
  • Perform research only within the scope set out below.
  • Use the Bugcrowd report submission form to report vulnerability information to us.
  • Collect only the information necessary to demonstrate the vulnerability.
  • Submit any necessary screenshots, screen captures, network requests, reproduction steps or similar using the Bugcrowd submission form (do not use third party file sharing sites).
  • When investigating a vulnerability, please only target your own account and do not attempt to access data from anyone else’s account.
  • Follow the Bugcrowd “Coordinated Disclosure” rules.

What Will Netflix Do With Submissions?

The streaming platform will work with the bounty hunter to understand and attempt to resolve the issue within 7 days of submission. They also are going to have a Security Researcher Hall of Fame wherein names of the contributors who discover vulnerabilities first are placed. Those who submit reports that results in Netflix changing congifuration will also be added in the hall of fame.

Most importantly, submissions earn money. The range is from $100 to $15,000 and the typical average has been $1,000 per-find so far from the private submissions. Understandably, only the gravest of security threat submissions will net the top $15,000 reward (P1 priority).

For more information, visit the Netflix Bugcrowd website.

Ron Perillo

Disqus Comments Loading...

Recent Posts

Intel Unveil its Raptor Lake Desktop Processors – Core i9-13900K = $589(?)

Intel has formally announced the launch of its new upcoming Raptor Lake (Raptor Lake-S) desktop…

10 hours ago

Intel Confirms Arc A770 to Release on October 12th for $329

After months and months of speculation, and more than a few apparent delays, Intel Arc…

10 hours ago

Where to Watch the Intel Innovation (Raptor Lake/Arc Launch?) Livestream!

Intel is officially kicking off its Innovation event today at 5 PM UK time and…

11 hours ago

Nvidia 40XX 12VHPWR Adapters WILL NOT Blow Up Your PSU! – Video

Earlier this month, information appeared online from the PCI-SIG (effectively the I/O hardware cabling regulator)…

12 hours ago

Gigabyte M32UC 32″ Curved 4K 144Hz Gaming Monitor Review

The biggest compromise for most when purchasing a new monitor is often the price, so…

15 hours ago

Amazon UK Leaks(?) Intel Raptor Lake Processor Prices

Intel is expected to officially launch its new 13th-gen Raptor Lake desktop processors later today…

19 hours ago