Adobe is reportedly starting a bug bounty program that does not reward researchers with cash.
The program to disclose vulnerabilities in the company's web applications was announced today but started last month. It runs through the HackerOne platform, which is also used by Twitter, Yahoo, and Cloudflare, but those companies provide cash or other rewards to those who find security loopholes.
Adobe's program looks for common flaws such as “cross-site scripting, privileged cross-site request forgery, server-side code execution, authentication or authorisation flaws, injection vulnerabilities, directory traversal, information disclosure, and significant security misconfiguration.”
"In recognition of the important role that independent security researchers play in maintaining Adobe security, Adobe launches a web application for a vulnerability detection program on the HackerOne platform," said Pieters Ockers, Adobe security program administrator.
Of course, Internet security professionals are well aware that the company's products are among the most vulnerable on the market today. Adobe Flash Player and Adobe Acrobat are hackers' favorite targets.
Adobe has decided not to give cash to researchers who will waste labor hours looking at its code. Let's remember that the company has no financial problems, as its products are very popular and sold at very high prices. Perhaps the company lives with the illusion that this bug bounty will secure its applications. Let's wait and see whether the project proves effective.
Perhaps this is why the company's products continue to be susceptible. Rather, security comes second or, better put, Adobe has the wrong priorities.