In late April, Chris Poole, also known as moot, founder 4chan, announced that website was violated and they had leaked data. Αν και καθυστερημένα, για την πρόληψη μελλοντικών τέτοιων γεγονότων, η εταιρεία ανακοίνωσε, όχι μόνο επιπλέον μέτρα ασφαλείας, αλλά και ένα πρόγραμμα bug bounty.
Poole announced it reward program to those who discover vulnerabilities on the company's website a few hours ago. The new vulnerability disclosure program is powered by hackerone.
“We hope that by officially rewarding security researchers who submit errorτα που σχετίζονται με την ασφάλεια, θα είμαστε σε καλύτερη θέση να ανιχνεύουμε και να αντιμετωπίζουμε τρωτά σημεία που μπορεί να επηρεάσουν την ιστοσελίδα και τους χρήστες της” ανέφερε ο Poole.
"Security remains a constant priority and commitment for us. Thank you again for being with us, and sorry if we have disappointed you. ”
The websites included in bug bounty are 4chan.org, 4channel.org, 4cdn.org and their subdomains.
The company explains that if vulnerabilities are detected in third-party services (CloudFlare or nginx), they should refer to those companies rather than 4chan. However, the company is willing to publish the names of those who find such defects in its Hall of Fame.
Currently, 4chan does not offer any cash rewards. Those who disclose security gaps they will only be recognized in the company's Hall of Fame and will have a 4chan Pass valid for one year. The value of the 4chan Pass does not exceed 20 dollars.
The reward of the company does not promise the arrival of large security researchers, as they are proposing to deal with the discovery of vulnerabilities by companies paying inexpensively.
Security experts who may have questions about 4chan's new bug bounty program can email security at 4chan.org.
