Adobe launches cashless bug bounty

Adobe has launched its own program that stimulates hackers to find vulnerabilities in the company's products. The program is bound with the bug bounty platform HackerOne, and is limited to vulnerabilities affecting Adobe online services or its web properties.

HackerOne is also used by Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security bugs. However, unlike other tech giants, Adobe only offers public recognition for such contributions. Researchers who find vulnerabilities in Adobe's software will boost their their HackerOne reputation score.

Bugs of interest are those including cross-site scripting, server-side code execution, injections, authentication flaws and security misconfiguration. Low-severity cross-site request forgery, password reset issues, missing http security headers and cookie flags as well as clickjacking on static pages are excluded from the program.

"Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score," Pieter Ockers, security program manager at Adobe said. "We invite security researchers to view the disclosure guidelines available here."

"All vulnerabilities affecting Adobe desktop products (ex. Flash Player and Adobe Reader), or enterprise on-premise solutions should be reported via email to the Product Security Incident Response Team [PSIRT@adobe.com]," the company made sure to add.

Read more -here-

• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages