Netflix will pay you up to $15,000 to find and disclose security vulnerabilities
Netflix has opened up their bug bounty program to the public
By Cohen Coberly
As security breaches and vulnerabilities become more common, many companies are taking additional steps to keep their userbase's information secure.
Indeed, following the recent disclosure of major vulnerabilities within modern CPU hardware, Microsoft opted to roll out an entirely new bug bounty program that could pay researchers up to $250,000 for discovering and responsibly disclosing any similar exploits in the future.
Now, it seems Netflix is following suit. In a blog post today, the company announced their decision to open up their private bug bounty program to the public.
Netflix's program, which has been available behind the scenes since September 2016, will reward security researchers with up to $15,000 for privately disclosing any eligible security vulnerabilities they find within Netflix's platform.
The company's bug-finding reward model covers four different severity tiers, ranging from a priority one exploit to a priority four exploit. The disclosure of the former will pay out $3,000 to $15,000, whereas the latter's discovery will only pay $100 to $300.
Interestingly, the only $15,000 payout Netflix has offered thus far went to a researcher who discovered a "critical vulnerability," putting Netflix's top payout for major bugs well behind that of other tech companies. According to the streaming platform's Bugcrowd page, the average vulnerability disclosure reward amounts to about $1,100 as of writing.
Regardless of the specifics, it's nice to see Netflix taking their users' security seriously.