In late April, Chris Poole, also known as moot, founder 4chan, announced that website was violated and leaked data. Although lately, to prevent future such events, the company announced, not only additional security measures, but also a bug bounty program.
Poole announced it reward program to those who find vulnerabilities on the company's website a few hours ago. The new vulnerability disclosure program is powered by hackerone.
"We hope that by formally rewarding security researchers who report security-related errors, we will be better able to detect and address vulnerabilities that may affect the site and its users," Poole said.
"Security remains a constant priority and commitment for us. Thank you again for being with us, and sorry if we have disappointed you. ”
The websites included in bug bounty are 4chan.org, 4channel.org, 4cdn.org and their subdomains.
The company explains that if vulnerabilities are detected in third-party services (CloudFlare or nginx), they should refer to those companies rather than 4chan. However, the company is willing to publish the names of those who find such defects in its Hall of Fame.
At present, 4chan does not offer any cash rewards. Those who reveal security vulnerabilities will only be recognized at the company's Hall of Fame and will have a 4chan Pass valid for one year. The value of the 4chan Pass does not exceed $ 20.
The reward of the company does not promise the arrival of large security researchers, as they are proposing to deal with the discovery of vulnerabilities by companies paying inexpensively.
Security experts who may have questions about 4chan's new bug bounty program can email security at 4chan.org.