In late April, Chris Poole, also known as moot, founder 4chan, announced that website was violated and data had been leaked. Although belatedly, to prevent future such incidents, the company announced, not only additional security measures, but also a bug program bounty.
Poole announced it reward program to those who find vulnerabilities on the company's website a few hours ago. The new vulnerability disclosure program is powered by hackerone.
"We hope that by formally rewarding security researchers who report security-related errors, we will be better able to detect and address vulnerabilities that may affect the site and its users," Poole said.
"Security remains a constant priority and commitment for us. Thank you again for being with us, and sorry if we have disappointed you. ”
The websites included in bug bounty are 4chan.org, 4channel.org, 4cdn.org and their subdomains.
The company explains that if vulnerabilities are found in third-party services (CloudFlare or nginx) they should be reported to the specific Companies and not on 4chan. However, the company is willing to publish the names of those who discover such flaws in its Hall of Fame.
Currently, 4chan does not offer any rewards to cash. Όσοι αποκαλύπτουν security gaps they will only be recognized in the company's Hall of Fame and will have a 4chan Pass valid for one year. The value of the 4chan Pass does not exceed 20 dollars.
The company's reward amount does not promise the arrival of large security researchers, as they prefer to deal with the discovery vulnerabilities from companies that pay handsomely.
Security experts who may have questions about 4chan's new bug bounty program can email security at 4chan.org.