Cloudflare Launched Paid Bug Bounty Program

Cloudflare Brings Out Bug Bounty Program

News February 4th 2022

Cloudflare is an American company that primarily focuses on web infrastructure and website security. To enhance its expertise, Cloudflare recently announced that it is planning a new public bug bounty program soon.


Paid Bug Bounty Program Launched By Cloudflare

Rushil Shah, Product Security Engineer at Cloudflare, stated that they are now launching Cloudflare’s paid public bug bounty program.

He added that they believe bug bounties are an essential part of every security team’s toolbox. Hence, they have been working very hard to improve and expand their private bug bounty program over the last few years. That hard work paid off.

The newly launched bug bounty program is based on the vulnerability disclosure program without cash bounties that was created back in 2014. The program is still in a new phase; so far, Cloudflare has received 1,197 reports, of which only 13% are valid. This rate is still low because researchers were struggling to understand the infrastructure and products.

Back in 2018, Cloudflare launched a private bug bounty program that focused on providing a better experience for researchers. By mid-January 2022, Cloudflare received an award worth $211,512 for its in-scope vulnerabilities, which grew from $4,500 in 2018 to $101,075 in 2021.

Cloudflare also released a sandbox named CumulusFire ahead of the new public bounty program; it provides bug hunters with a standardized playground to test exploits.


Cloudflare’s New Bug Bounty Program Explained

From now on, if security vulnerabilities are found in Cloudflare products, bug hunters can report them through the company’s new public bug bounty program, hosted on the HackerOne platform.

The breakdown of bounty awards for targets based on the issues’ CVSS3 severity rating is:

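| Severity          | Critical (9.0 – 10.0) | High (7.0 – 8.9) | Medium (4.0 – 6.9) | Low (0.1 – 3.9) |
|-------------------|-----------------------|------------------|--------------------|-----------------|
| Primary Targets   | $3,000                | $1,000           | $500               | $250            |
| Secondary Targets | $2,700                | $750             | $350               | $200            |
| Other             | $2,100                | $500             | $200               | $100            |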

Mitigating factors and Cloudflare’s business risk assessment may lead to a lower severity rating.

