When I hear the word 'vulnerability', I immediately think about the company that develops Flash Player. It seems that Adobe tends to agree with this assessment as it recently launched a new program which invites security researchers to track vulnerabilities in the company's website or online services and privately report them. The announcement was made this Wednesday in a blog post published by Pieter Ockers, the security program manager at Adobe.
However, unlike Facebook, Twitter, Mozilla and others who already have similar services up and running, Adobe doesn't offer any money for doing their work for them. Instead, you will get the glory and satisfaction of being publicly recognized by the company as the one who identified the respective flaw and a higher HackOne reputation score.
If you are unfamiliar with that name, HackerOne is a platform used by various IT companies to manage and receive reports about vulnerabilities found by independent sources in their programs, services, websites, etc. As it exempts companies from creating their own customized systems, this platform is very popular and attracted several huge names such as Yahoo, Dropbox, Airbnb or Vimeo. The reputation score is a feature which has been recently introduced on HackOne. As you've probably guessed, this function allows companies to rank the researchers who have accounts on the platform based on the accuracy of their reports. The higher your ranking is, the faster a company will react when you notify them about a security threat.
Adobe has a reputation for being a bit of a cheapskate when it comes to paying independent sources which helped them identify security threats in their products. However, the company said that it had always been able to find other ways to reward researchers, such as recommending them to their partners and customers. But in all honesty, I have to wonder who asks them for such recommendations? Asking Adobe about how to keep your products free of vulnerabilities, is basically the same thing as asking Jennifer Lawrence about how to keep your private photos from getting stolen.