Magento backs down on plan to shut down bug bounty program

Magento’s bug bounty program will not be ditched after all, following leaked news that the e-commerce platform provider was planning to end the rewards-based program. Magento, which is now an Adobe company, has announced that it will continue with the initiative, which was first launched in 2014.

In a statement, Magento clarified that it will carry over the current bounty payment schedule. It also expressed willingness to continue its long-standing collaboration with the online security research community as part of efforts to improve the online security of the platform.

Magento bug bounty program

The Magento bug bounty program has been active for the last three years. Researchers who successfully find and identify bugs on the platform are rewarded with payouts as high as $10,000 for every vulnerability report.

The program is considered one of the most popular initiatives in the open source online security community. Through it, 284 bugs were uncovered, preventing abuse by crooks. Those bugs were then fixed by Magento as well as the online community.

Through the program, theft of credit card data was prevented. Merchant-users were also spared from having to waste time, effort, and money in fighting potential hacks. And more importantly, the program helped Magento to build a good reputation with its clients.

Magento reversal

Just days after the news leaked out to the media, Magento announced that it was shelving the plan. The announcement was well received, especially by the bug hunting community.

Aside from providing huge benefits to Magento website owners, the program was seen as an effective bug hunting scheme that capitalized on the synergy of the online bug hunting community.

It also showed that Magento, despite now being owned by Adobe, still acknowledges the support of groups that had made it successful through the years.