NEW YORK — RedTube announced today the public launch of a bug bounty program through HackerOne, a vulnerability disclosure and bug bounty platform.
The program will reward security researchers that find glitches on RedTube’s site with bounties as high as $25,000. Researchers are eligible to qualify for a reward if they are the first to responsibly disclose an unknown issue through the site’s HackerOne page.
“RedTube joins a number of technology giants that have recently implemented Bug Bounty programs,” said Alex Taylor, vice president of RedTube. “By relying on outside forces, we are able to offer an added layer of security to prevent incidents of widespread abuse.
“It is very important for us to continuously stay as many steps ahead of potential online threats as soon as possible, ensuring not only the security of our site but that of our users, which is paramount to us.”
The bounties, which range from $50 to $25,000, are dependent upon the vulnerability reported and are granted entirely at the discretion of RedTube, Taylor said.
To qualify, one must 1) be the first to report a technical security vulnerability, 2) send a clear textual description of the report along with steps to reproduce the vulnerability, 3) include attachments such as screenshots or proof of concept code and 4) disclose the vulnerability report directly and exclusively to RedTube. The platform's security team in turn has 30 days to respond to the report, and up to 90 days to implement a fix based on the severity of the report.
Taylor said the implementation of such programs continues to gain popularity as many companies are opting for more creative and forward-thinking ways of staying ahead of the next big security vulnerability.
By relying on outside forces, RedTube is able to offer an added layer of security to prevent incidents of widespread abuse, he said.