Netflix Hits $1 Million Milestone in Bug Bounty Rewards

Recently, Netflix reported that since the launch of its Bug Bounty program in 2016, the streaming giant has paid researchers over one million dollars in rewards for identifying bugs and vulnerabilities in the company’s products.

To date, more than 5,600 researchers have participated in this program, submitting around 8,000 unique vulnerability reports. Rewards were issued for 845 vulnerabilities, with more than a quarter of these classified as critical.

Additionally, the company announced its decision to transition from the Bugcrowd vulnerability management platform, which it had used since 2018, to HackerOne. With HackerOne, Netflix promises to improve report processing, increase rewards, expand coverage, launch exclusive private programs, and provide better feedback for researchers.

Researchers can earn between $300 and $5,000 for issues such as authorization bypasses and obtaining private keys. For vulnerabilities related to corporate assets, rewards can reach up to $10,000, and for critical vulnerabilities affecting the Netflix.com domain, rewards can go as high as $20,000. The program also covers the streaming service’s mobile applications.

The company invites all interested parties to join the Bug Bounty program on the HackerOne platform and expresses sincere gratitude to the researcher community for their ongoing support and contributions to ensuring the security of the service.