May 29, 2024 at 05:24AM
Netflix has paid out more than $1 million to over 5,600 researchers since starting its bug bounty program in 2016. The move to the HackerOne platform promises increased rewards and expanded coverage, with potential payouts between $300 and $20,000 per vulnerability. However, its response to a researcher’s findings about illegal movie downloads remains unclear.
From the meeting notes, here are the key takeaways regarding Netflix’s bug bounty program:
– Netflix has paid out over $1 million for reported vulnerabilities since the launch of its bug bounty program in 2016.
– More than 5,600 researchers have contributed to the program, submitting nearly 8,000 unique vulnerability reports.
– Rewards are offered for critical- and high-severity vulnerabilities, with some earning bug hunters up to $20,000.
– The bug bounty program’s scope covers content authorization issues, corporate assets, and mobile applications.
– Netflix recently moved its bug bounty program to the HackerOne platform, promising enhanced triage, increased bounty ranges, expanded scope, exclusive private programs, and researcher feedback loops.
Additionally, the notes mention that a researcher’s demonstration of vulnerabilities in Microsoft’s PlayReady technology had implications for popular streaming services, including Netflix, but it’s unclear whether this attack would qualify for Netflix’s bug bounty program.