{"id":7449,"date":"2022-02-04T18:30:12","date_gmt":"2022-02-04T18:30:12","guid":{"rendered":"https:\/\/www.hostingseekers.com\/blog\/?p=7449"},"modified":"2025-03-06T10:56:09","modified_gmt":"2025-03-06T10:56:09","slug":"cloudflare-brings-out-bug-bounty-program","status":"publish","type":"post","link":"https:\/\/www.hostingseekers.com\/blog\/cloudflare-brings-out-bug-bounty-program\/","title":{"rendered":"Cloudflare Brings Out Bug Bounty Program"},"content":{"rendered":"

Cloudflare is headquartered in an American company that primarily focuses on web infrastructure and website security. So, to enhance their expertise, Cloudflare recently announced that they are planning a new public bug bounty program soon.<\/span><\/p>\n

\n

Paid Big Bounty Program Launched By Cloudflare<\/b><\/h2>\n

Rushil Shah, Product Security Engineer at Cloudflare stated that \u2013 they are now launching <\/span>Cloudflare\u2019s paid public bug bounty program<\/span><\/a>.<\/span><\/p>\n

Further, he added that we believe that bug bounties are an essential part of every security team\u2019s toolbox. Hence, they have been working very hard to improve and expand their private bug bounty program over the last few years. Well, their hard work paid off.<\/span><\/p>\n

The newly launched bug bounty program is based on the vulnerability disclosure program without cash bounties that were created back in 2014. Though, the program is still in a new phase, so till now, Cloudflare has received 1,197 reports from which only 13% are valid. This rate is still low because researchers were struggling to understand the infrastructure and products.<\/span><\/p>\n

Back in 2018, Cloudflare had launched a private bug bounty program that focused on providing a better experience for researchers. By mid-Jan-2022, Cloudflare received an award worth $211,512 for its in-scope vulnerabilities, which grew up from $4,500 in 2018 to $101,075 in 2021.<\/span><\/p>\n

Cloudflare has also released a sandbox named CumlusFire before the release of a new public bounty program, which provides bug hunters with a standardized playground to test exploits.<\/span><\/p>\n

\n

Cloudflare\u2019s New Bug Bounty Program Explained<\/b><\/h3>\n

From now, if security vulnerabilities are found in Cloudflare products then bug hunters can report them through the company\u2019s new public bug bounty program, hosted on the HackerOne platform.<\/span><\/p>\n

The breakdown of bounty awards for targets based on the issues\u2019 CVSS3 severity rating is:<\/span><\/p>\n\n\n\n\n\n\n
\n

Severity<\/span><\/p>\n<\/td>\n

Critical (9.0 – 10.0)<\/span><\/td>\nHigh (7.0 – 8.9)<\/span><\/td>\nMedium (4.0 – 6.9)<\/span><\/td>\nLow (0.1 – 3.9)<\/span><\/td>\n<\/tr>\n
\n

Primary Targets<\/span><\/p>\n<\/td>\n

\n

$3,000<\/span><\/p>\n<\/td>\n

\n

$1,000<\/span><\/p>\n<\/td>\n

$500<\/span><\/td>\n\n

$250<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Secondary Targets<\/span><\/p>\n<\/td>\n

\n

$2,700<\/span><\/p>\n<\/td>\n

$750<\/span><\/td>\n$350<\/span><\/td>\n\n

$200<\/span><\/p>\n<\/td>\n<\/tr>\n

Other<\/span><\/td>\n$2,100<\/span><\/td>\n$500<\/span><\/td>\n$200<\/span><\/td>\n\n

$100<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Mitigating factors and Cloudflare\u2019s business risk assessment may hamper a lower security rating.<\/span><\/p>\n

\n

If you enjoyed reading this news, you are surely going to cherish these too \u2013<\/em><\/h4>\n