Startup Pinterest has been striving to improve the security of its web and mobile apps for “pinning” pictures and other content to “boards.” In recent months Pinterest has made all pages on its website load with the HTTPS protocol, for instance.
Pinterest has also established a bug bounty program through startup BugCrowd that rewards researchers for uncovering and disclosing security vulnerabilities affecting the startup’s apps, the company is announcing today.
“Prior to the HTTPS migration, we were hesitant to open a paid bug bounty program because of a number of known vulnerabilities associated with being only HTTP,” Paul Moreno, security engineering lead on Pinterest’s cloud team, wrote in a blog post on the news. “Now that a number of gaps have been closed as a result of the migration, we’re happy to announce that we’ve upgraded the program with payouts results, with a 10x increase in reports since launching the paid program.”
When you have millions of users around the globe, as Pinterest does, keeping them protected is important. So it’s not surprising to see Pinterest taking action on that front.
Several other companies have adopted HTTPS — last year Google started prioritizing sites using the protocol. And the bug bounty system is becoming more common as well.
Obviously, Pinterest wants to improve the security of its apps even more going forward.
“We highly encourage the whitehat hacker community to use our program and report bugs, which helps us keep Pinners safe and increase our security posture,” Moreno wrote.
The startup will also focus engineering efforts on getting its domain preloaded in the Chromium open-source browser project, in order to avoid SSL stripping the first time someone visits the Pinterest site, Moreno wrote.
San Francisco-based Pinterest last month was reported to be raising $500 million at an $11 billion valuation.
Check out the full blog post to read about challenges Pinterest encountered in transitioning from HTTP to HTTPS.