Cloudflare, a leading provider of web infrastructure and security solutions, has unveiled its new public bug bounty program, now open to all security researchers and bug hunters. The program is hosted on HackerOne and invites participants to report vulnerabilities found in Cloudflare’s products.
Program Evolution and Background
This public initiative follows Cloudflare’s earlier private bug bounty program, which began in 2018 after the company launched a vulnerability disclosure program in 2014. Over the course of the private program, Cloudflare awarded a total of $211,512 in bounties, with 292 out of 430 reported issues being eligible for rewards.
Reward Structure
The new public bug bounty program will offer rewards based on the severity of each vulnerability, using the Common Vulnerability Scoring System (CVSS) version 3 to determine the level of risk associated with each security flaw.
With the launch of the public program, Cloudflare aims to further strengthen its security posture and engage a broader community of security experts.