Karthik Rangaraja, the security lead of stock and crypto trading app Robinhood, announced in a recent blog post that the platform had increased its bug bounty program top prize to $50,000. It has also updated some terms of the program on its HackerOne page. The post clarified the kind of reports that the company is seeking and defined the eligibility of different bug reports as well.
What Is the Bounty Range?
The bounty program provides anywhere between $100 to $50,000 as rewards to the bounty hunter. A remote code execution (RCE) can earn $25,000 to $50,000, while a significant accounting manipulation or an SQL injection can earn $15,000 to $25,000. The smallest bounty of $100 is for open redirects.
“In the past, we weren’t always clear about the types of reports we were looking for, or how we’d reward researchers for filing those reports — so we’re launching a new program with bounty ranges for specific types of vulnerabilities (or ‘bugs’).”
He said the eligible vulnerabilities and rewards could change over time and suggested that bugs that don’t fit in any of the categories listed on their HackerOne page will also be rewarded.
According to Rangarajan, Robinhood intends to become a popular target for security researchers, so potential bugs could be found.
A Leap Ahead of Others?
The crypto universe is filled with proactive companies that are trying to build a community around their offerings and are open to criticism. EOS, one of the largest blockchain-crypto platforms in the world by market cap, also reportedly paid $120,000 to a single researcher who found some bugs in its system.
On the other hand, there are companies like the John McAfee promoted BitFi wallet that is claiming to be “unhackable” and is reportedly threatening people who are sending them bug reports or who have successfully hacked their systems. The company and its promoter, John McAfee, were found openly mocking and criticizing researchers who wrote about the potential loopholes in the wallet’s codes.
The development of these two distinct lines of action as far as bug hunting is concerned helps in highlighting the company’s core values. Thankfully, there are more companies open to criticism that not only run bounty programs but also handsomely reward bug hunters for making their product better.
Robinhood Increases Reward Amount on Bug Bounty Program was originally found on [blokt] – Blockchain, Bitcoin & Cryptocurrency News.