TikTok Launches Bug Bounty Program Amid Security SNAFUs
2020-10-16 13:26

TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne.

Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 and $14,800 under the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.

"This partnership will help us to gain insight from the world's top security researchers, academic scholars and independent experts to better uncover potential threats and make TikTok's security defenses even stronger," Luna Wu from TikTok's global security team said in a Thursday blog post unveiling the partnership.

The program invites ethical hackers to submit a wide range of vulnerabilities in the app, including those related to: XSS, CSRF, SSRF, SQL injection, ROP or JOP (return- or jump-oriented programming); reproducible crashes with stack traces; leaked or hard-coded sensitive credentials; exploitable, dangerous APIs; control-flow hijacking attacks; user data leaks; authentication or authorization vulnerabilities; or access to internal TikTok resources.

It's unclear whether this deal is what is prompting TikTok to be more transparent about app security, but observers said the expanded bug-bounty program will likely improve the app's overall security and, with it, TikTok's standing in the wider security community.


News URL

https://threatpost.com/tiktok-bug-bounty-security/160203/