Netflix Announces its First Public Bug Bounty Program.
Now Cyber Security researchers report the vulnerability to NetFlix in Bug Crowd Platform to keep it secure and safe.
Bug Bounty Program criteria between $100 – $15,000 as per vulnerability.
Netflix is an American entertainment company founded by Reed Hastings and Marc Randolph on August 29, 1997, in Scotts Valley, California. It specializes in and provides streaming media, video-on-demand online, and, DVD by mail. In 2013, Netflix expanded into film and television production as well as online distribution.
Netflix require that all researchers:
- Do not access customer or employee personal information, pre-release Netflix content, or Netflix confidential information. If you accidentally access any of these, please stop testing and submit the vulnerability.
- Stop testing and report the issue immediately if you gain access to any non-public application or non-public credentials.
- Do not degrade the Netflix user experience, disrupting production systems, or destroy data during security testing.
- Perform research only within the scope set out below.
- Use the Bugcrowd report submission form to report vulnerability information to us.
- Collect only the information necessary to demonstrate the vulnerability.
- Submit any necessary screenshots, screen captures, network requests, reproduction steps or similar using the Bugcrowd submission form (do not use third party file sharing sites).
- When investigating a vulnerability, please only target your own account and do not attempt to access data from anyone else’s account.
- Follow the Bugcrowd “Coordinated Disclosure” rules.
If you fulfill these requirements, Netflix will:
- Work with you to understand and attempt to resolve the issue quickly (confirming the report within 7 days of submission);
- Recognize your contribution to our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue.
- Pay you for your research for unique vulnerabilities that meet the guidelines listed below if you are the first to report the issue to us using the Bugcrowd portal.
- To encourage responsible disclosure, Netflix will not bring a lawsuit against you or ask law enforcement to investigate you if we determine that your research and disclosure meets these requirements and guidelines.
We encourage researchers to focus their efforts in the following areas:
- Cross Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL Injection (SQLi)
- Authentication related issues
- Authorization related issues
- Data Exposure
- Redirection attacks
- Remote Code Execution
- Business Logic
- MSL Protocol (https://github.com/Netflix/msl)
- Particularly clever vulnerabilities or unique issues that do not fall into explicit categories
- Mobile-specific API vulnerabilities
Check here for more details.