New program follows a year-long private VDP
Music-sharing website Audiomack is launching a public bug bounty program to encourage security researchers to share information on suspected vulnerabilities.
The artist-focused music streaming service is working with Bugcrowd to run its new vulnerability disclosure program (VDP).
Previously, Audiomack had run a private VDP, also with Bugcrowd, for around a year.
The music service is now opening this up to all security researchers and will offer what it describes as competitive rewards.
Audiomack doesn’t, though, state a maximum bounty.
According to Sean Coker, director of engineering at Audiomack, the existing VDP has helped the music service to triage and validate potential vulnerabilities, allowing its in-house engineers to focus on deploying fixes.
Moving to a public platform allows Audiomack access to a wider range of testing expertise, and to “discover and repair crucial safety gaps earlier than they are often exploited”, Coker said.
The VDP won’t cover security flaws related to third-party vendors, brute-force attacks, or attempts to use social engineering to gain access to Audiomack systems.
Bugcrowd claims that the number of critical and high-severity vulnerabilities found by researchers on its platform grew by 73% from 2019 to 2020.