In late April, Chris Poole, also known as moot, founder 4chan, announced that website was violated and data had been leaked. Although belatedly, to prevent future such events, the company announced not only additional security measures, but also a program bug bounty.
Poole announced it reward program to those who discover vulnerabilities on the company's website a few hours ago. The new vulnerability disclosure program is powered by hackerone.
"We hope that by formally rewarding security researchers who report security-related bugs, we will be in a better position to detect and address vulnerabilities that may affect the website and its users," Poole said.
"Security remains a constant priority and commitment for us. Thank you again for being with us, and sorry if we have disappointed you. ”
The websites included in bug bounty are 4chan.org, 4channel.org, 4cdn.org and their subdomains.
Η εταιρεία αναφέρει επεξηγηματικά ότι εφόσον εντοπίζονται τα τρωτά points on third-party services (CloudFlare or nginx) should refer to the specific companies and not to 4chan. However, the company is willing to publish the names of those who discover such flaws in its Hall of Fame.
At present, 4chan does not offer any cash rewards. Those who reveal security vulnerabilities will only be recognized at the company's Hall of Fame and will have a 4chan Pass valid for one year. The value of the 4chan Pass does not exceed $ 20.
The reward of the company does not promise the arrival of large security researchers, as they are proposing to deal with the discovery of vulnerabilities by companies paying inexpensively.
Security experts who may have questions about 4chan's new bug bounty program can email security at 4chan.org.