Cloudflare Brings Out Bug Bounty Program
News February 4th 2022Cloudflare is headquartered in an American company that primarily focuses on web infrastructure and website security. So, to enhance their expertise, Cloudflare recently announced that they are planning a new public bug bounty program soon.
Paid Big Bounty Program Launched By Cloudflare
Rushil Shah, Product Security Engineer at Cloudflare stated that – they are now launching Cloudflare’s paid public bug bounty program.
Further, he added that we believe that bug bounties are an essential part of every security team’s toolbox. Hence, they have been working very hard to improve and expand their private bug bounty program over the last few years. Well, their hard work paid off.
The newly launched bug bounty program is based on the vulnerability disclosure program without cash bounties that were created back in 2014. Though, the program is still in a new phase, so till now, Cloudflare has received 1,197 reports from which only 13% are valid. This rate is still low because researchers were struggling to understand the infrastructure and products.
Back in 2018, Cloudflare had launched a private bug bounty program that focused on providing a better experience for researchers. By mid-Jan-2022, Cloudflare received an award worth $211,512 for its in-scope vulnerabilities, which grew up from $4,500 in 2018 to $101,075 in 2021.
Cloudflare has also released a sandbox named CumlusFire before the release of a new public bounty program, which provides bug hunters with a standardized playground to test exploits.
Cloudflare’s New Bug Bounty Program Explained
From now, if security vulnerabilities are found in Cloudflare products then bug hunters can report them through the company’s new public bug bounty program, hosted on the HackerOne platform.
The breakdown of bounty awards for targets based on the issues’ CVSS3 severity rating is:
|
Severity |
Critical (9.0 – 10.0) | High (7.0 – 8.9) | Medium (4.0 – 6.9) | Low (0.1 – 3.9) |
|
Primary Targets |
$3,000 |
$1,000 |
$500 |
$250 |
|
Secondary Targets |
$2,700 |
$750 | $350 |
$200 |
| Other | $2,100 | $500 | $200 |
$100 |
Mitigating factors and Cloudflare’s business risk assessment may hamper a lower security rating.
If you enjoyed reading this news, you are surely going to cherish these too –
- Prime Is Developing New 9MW Data Center In Silicon Valley
- H5 Data Centers Declared Acquisition of 7 Data Centers From vXchnge
- Linux Server Faced RCE Attacks Due to Severe Bugs in CentOS
manvinder Singh
https://www.hostingseekers.com
Manvinder Singh is the Founder and CEO of HostingSeekers, an award-winning go-to-directory for all things hosting. Our team conducts extensive research to filter the top solution providers, enabling visitors to effortlessly pick the one that perfectly suits their needs. We are one of the fastest growing web directories, with 500+ global companies currently listed on our platform.
Trending Posts
-
6 Best WHMCS Alternatives For 2024 [Tested and Reviewed]
Table of Contents Introduction What is WHMCS? What is the Cost o...
-
SSD vs SAS vs SATA: Which Is Better For A Dedicated Server?
Summary: SSD vs SAS vs SATA drives in detail to determine which of these t...
-
Dell vs HP vs Lenovo- Which Is The Best Gaming Beast?
In our today’s blog, we will discuss Dell vs HP vs Lenovo to help you choos...
