Adobe has reportedly launched one program bugs bounty which does not reward researchers with cash.
The program to reveal vulnerabilities in the company's web applications was announced today, but it started last month via the platform HackerOne which is used by Twitter, Yahoo, and Cloudflare, but they provide cash or other rewards to those who find security loopholes.
The Adobe program looks for common flaws such as: "cross-site scripting, privileged cross-site request forgery, server-side code execution, authentication or authorization flaws, injection vulnerabilities, directory traversal, information disclosure, and significant security misconfiguration."
"In recognition of the important role that independent security researchers play in maintaining Adobe security, Adobe launches a web application for a vulnerability detection program on the HackerOne platform." said Adobe Pieters Ockers security program administrator.
Of course, those who deal with it Internet safety they know very well that the company's products are among the most fragile currently on the market. Adobe Flash Player and Adobe Acrobat are the favorite targets of hackers.
Adobe has decided not to give cash to researchers who will waste labor hours looking at its code. Let's remind that the company has no financial problem, as its products are very popular sold very expensive. Perhaps the company lives with the illusion that this bug bounty will ensure its applications. Let's wait and see in the future whether the project was effective.
Perhaps this is also the reason why the company's products continue to be fragile. Probably safety comes second, or better Adobe has its priorities wrong.