Netflix launches a public bug bounty program

Netflix announced a public bug bounty program through Bugcrowd on Thursday, the latest win for an industry and a company that’s growing at an insane clip.

Last month, Bugcrowd took in a $26 million round of funding after opening new offices in London and Sydney.

Netflix has had a vulnerability disclosure program since 2013. Over the past five years, the program expanded in both scope and bounty size, including a $15,000 payout on an unspecified critical vulnerability.

That amount continues to be the monetary ceiling for bounties under the public program.

The decision to go public opens up the service to any vulnerability hunter signed up with Bugcrowd. That means the California-based streaming service joins everyone from the U.S. military to Mastercard and Twilio in launching a public bug bounty program.

Merely having a program is rarely enough. In a climate where security researchers and journalists have been targeted by litigious tech firms, companies are finding to new ways to improve their programs.

For instance, Dropbox revamped their vulnerability disclosure process to protect researchers from litigation, pressing other companies to do the same.