TechWalls

Adobe kicks off vulnerability disclosure program without incentives

Updated on Mar 11, 2015 by Guest Authors

We have seen the rise of bug bounty programs in many large tech companies as a result of the growing threat landscape that, if unchecked, would bring tremendous damage to critical infrastructures and businesses.

Adobe is the newest to launch its own vulnerability disclosure program on the HackerOne platform. But unlike its peers, the company does not provide monetary incentives for researchers who uncover flaws in its products. This is in stark contrast with other companies like Google, which paid out $1.5 million to bug hunters in 2014 alone, and Facebook, which paid out $1.3 million for the thousands of submissions it received last year.


Furthermore, the scope of research covered in the program is limited to Web applications, meaning that reporting a vulnerability found in an Adobe product not specified within the program will be in vain. So if you find vulnerabilities in Adobe’s password reset, security headers, cookie flags or static pages, or cross-site request forgery vulnerabilities, don’t bother reporting them to Adobe.

But Adobe still encourages researchers to submit vulnerabilities found in desktop applications such as Adobe Reader, Flash Player and Acrobat.

The only benefit that researchers can possibly gain from disclosing vulnerabilities in Adobe products is a boost to their score on HackerOne.

The vulnerability disclosure program is a vital step in Adobe’s Secure Product Lifecycle, which aims to test and invest in resources to evaluate products. This serves as a sort of consultation with the security research community at large. The value provided by the feedback from security researchers is indispensable, and Adobe must realize that a mere credit on the HackerOne platform might not be enough, unless some altruistic researchers are out there doing this job.

It can be recalled that, during the early days, security researchers were rewarded for their vulnerability research with recognition in Microsoft’s bulletin. Times have changed, and with the exponential rise in threats, researchers now need cash to continue doing their tasks.

At the very least, Adobe can find ways to incentivize its vulnerability disclosure program. At worst, researchers might choose to sell the exploit to hackers in exchange for money. But in the first place, why would Adobe hesitate to pay security researchers when it has the resources?

One thing that many companies with bug bounty programs have in mind is to focus on removing security vulnerabilities as an entire class, rather than applying a single fix that only leads to the birth of another vulnerability.
