Pinterest engineering blog

  • Back to all posts
  • May 27, 2014
  • Share

Introducing our bug bounty program

Paul Moreno

Paul is a security engineer at Pinterest

The security of Pinners is one of our highest priorities, and to keep Pinterest safe, we have teams dedicated to solving issues and fixing bugs. We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners.

Even with these precautions, bugs get into code. Over the years, we’ve worked with external researchers and security experts who’ve alerted us to bugs. Starting today, we’re formalizing a bug bounty program with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9,000 security researchers on the Bugcrowd platform. We hope these updates will allow us to learn more from the security community and respond faster to Whitehats.

This is just the first step. As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash. In the meantime, Whitehats can register, report and get kudos using Bugcrowd. We anticipate a much more efficient disclosure process as a result, and an even stronger and bug-free environment for Pinners!

Paul Moreno is a security engineer at Pinterest.

Latest Article

Jul 29, 2015

Pinterest has a strong culture of building. As you walk into our San Francisco headquarters, you’ll immediately be surrounded by strong visual reminders – we like to build.


Mar 11, 2015

As we continue to build in a fast and dynamic environment, we need a workflow manager that’s flexible and can keep up with our data processing needs. After trying a few options, we decided to build one in-house.


Apr 24, 2015

Every day, tens of millions of people discover and save Pins on Pinterest, making the Pinning flow one of the most important features. It’s so important that we’re constantly and carefully making updates to it to ensure ease-of-use and fast load times.