Grindr Launches Bug Bounty Program in Partnership With HackerOne
HackerOne helps organizations identify and address vulnerabilities before they can be exploited. Over the past few years, Grindr has performed a series of third-party penetration tests as part of our cybersecurity strategy, and while regular penetration testing will continue to be a key part of our strategy, this partnership adds to our multi-layered approach for all of our cybersecurity functions.
We believe HackerOne will be an effective complement to traditional penetration testing. Traditional penetration tests typically rely on a small team of security experts with deep experience finding exploits in applications. They’re a mainstay, but there may be limits to what a small team can do. HackerOne approaches the goal from the opposite angle. They open up penetration testing to a wide range of hackers with varying levels of expertise and areas of focus. Given this, we’re carefully scoping our HackerOne program to maximize the value of the vulnerabilities it surfaces. And of course, our engineering team prioritizes fixing those vulnerabilities above all other priorities. If you’re a security researcher, you can head over to our vulnerability report page to participate in the bug bounty program.
As a further measure, we’ve created an improved process for security-related reports to escalate directly from our customer service department to our security team and engineers. An effective security program takes awareness and commitment from across an organization, and we’re making sure everyone on the Grindr team has the knowledge they need to do their part.
Grindr is a part of a vibrant community and we’re 100% committed to ensuring our users’ security. We’re taking a multi-layered approach to protecting our users by employing traditional pen testing, HackerOne, and improved security report escalation. The rapid identification of vulnerabilities is only one part of our cybersecurity strategy, and we look forward to sharing more with you in future posts.
If you’re a security researcher with an interest in the Grindr HackerOne program, then check out the Grindr HackerOne directory page for more info.
-Tom Quisel, Chief Technology Officer