“We highly encourage the whitehat hacker community to use our program and report bugs, which helps us keep Pinners safe and increase our security posture,” -Paul Moreno, former Sr. Security Engineer, Pinterest
VentureBeat | Pinterest beefs up security with full HTTPS support and bug bounty program
Startup Pinterest has been striving to improve the security of its web and mobile apps for “pinning” pictures and other content to “boards.” In recent months Pinterest has made all pages on its website load with the HTTPS protocol, for instance.
Pinterest has also established a bug bounty program through startup Bugcrowd that rewards researchers for uncovering and disclosing security vulnerabilities affecting the startup’s apps, the company is announcing today.
“Prior to the HTTPS migration, we were hesitant to open a paid bug bounty program because of a number of known vulnerabilities associated with being only HTTP,” Paul Moreno, security engineering lead on Pinterest’s cloud team, wrote in a blog post on the news. “Now that a number of gaps have been closed as a result of the migration, we’re happy to announce that we’ve upgraded the program with payouts results, with a 10x increase in reports since launching the paid program.”
When you have millions of users around the globe, as Pinterest does, keeping them protected is important. So it’s not surprising to see Pinterest taking action on that front.
Obviously, Pinterest wants to improve the security of its apps even more going forward.
“We highly encourage the whitehat hacker community to use our program and report bugs, which helps us keep Pinners safe and increase our security posture,” Moreno wrote.
The startup will also focus engineering efforts on the Chromium open-source browser project with the goal of preloading its domain, in order to avoid SSL stripping the first time someone visits the Pinterest site, Moreno wrote.
San Francisco-based Pinterest last month was reported to be raising $500 million at an $11 billion valuation.
Check out the full blog post to read about challenges Pinterest encountered in transitioning from HTTP to HTTPS.