Reddit is taking its bug bounty program public
Now anyone can hunt for bugs on Reddit
Reddit has announced that it will be taking its bug bounty program public after running it privately with HackerOne for the past three years.
In a post on the news aggregator and discussion forum’s site, the company’s security wizard Spencer Koch provided more details on the success of its bug bounty program so far, saying:
“This program has allowed us to quickly address vulnerabilities, improve our defenses, and help keep our platform secure alongside our own teams’ efforts. We’ve also seen great engagement and success to date, having awarded $140,000 in bounties across 300 reports covering the main reddit.com platform, which worked well for our limited scope during the private program.”
Now, though, Reddit plans to expand the scope of the program to help improve the security of its site as well as its mobile apps.
Public bug bounty program
In an interview with HackerOne, Koch explained that Reddit started its security team back in 2018 after formalizing its private bug bounty program. This was also the same year the site was hacked and the personal data of some users was exposed in a data breach.
According to Koch, Reddit’s security team performs an initial triage to gauge the severity of a bug after a vulnerability is reported. However, sometimes the company allows HackerOne’s triage service to do the initial screening, reproduction information gathering and sanity check before its senior security engineers take a look at a bug.
Now that Reddit’s bug bounty program is open to the public, any security researcher or white hat hacker can look for bugs on the platform. Once a bug is found, they can earn $100 for low severity bugs, $500 for medium ones, $5,000 for high ones and $10,000 for discovering a critical vulnerability.
Those interested in hunting for bugs on Reddit can find out more information on its bug bounty program here, including the program terms, severity determination and what vulnerabilities are out of scope for the program.
Via SC Magazine
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.