New changes and opportunities are coming for bug reporters.
To better align and help enhance the program, Magento consolidated their Bug Bounty Program with the Adobe program under one umbrella. Currently, Adobe uses HackerOne for issue reporting. And Magento will join them soon.
Starting January 28th, we encourage you to report Magento security issues you find to hackerone.com/magento. The site will be live the evening of Monday, January 28, 2019 (PST).
The updated program brings several improvements:
- Faster payments, after verification of the issue, not after release
- Quicker reviews and responses to your submissions
- Clarification of the program scope
- Alignment with Adobe for future endeavors
With the move, we aspire to review, investigate, respond, and reward your efforts with greater efficiency and support.
To participate in the new program, visit HackerOne to register, or use your existing account.
For all existing researchers using Bugcrowd, the platform will remain in read-only/open mode for some time to complete payments to all researchers for their contributions. Moving forward, we hope to see your continued reports to the new HackerOne system.