Adobe is reportedly starting a bug bounty program that does not reward researchers with cash.
The program, which covers vulnerabilities in the company's web applications, was announced today but started last month on HackerOne, a platform also used by Twitter, Yahoo, and Cloudflare. Those companies, however, provide cash or other rewards to those who find security loopholes.
Adobe's program looks for common flaws such as: “cross-site scripting, privileged cross-site request forgery, server-side code execution, authentication or authorization flaws, injection vulnerabilities, directory traversal, information disclosure, and significant security misconfiguration.”
"In recognition of the important role that independent security researchers play in maintaining Adobe security, Adobe launches a web application for a vulnerability detection program on the HackerOne platform," said Adobe security program administrator Pieters Ockers.
Of course, those who deal with internet security are well aware that the company's products are among the most fragile currently on the market. Adobe Flash Player and Adobe Acrobat are hackers' favorite targets.
Adobe has decided not to award cash to researchers who will spend man-hours looking into its code. Let us remind you that the company does not have any financial problems, as its products are very popular and are sold at very high prices. Perhaps the company lives under the illusion that this particular bug bounty will secure its applications. Let's wait and see how effective the project turns out to be.
Perhaps this is why the company's products continue to be susceptible. It seems security comes second or, better put, Adobe has the wrong priorities.