Pinterest engineering blog

  • Back to all posts
  • May 27, 2014
  • Share

Introducing our bug bounty program

Paul Moreno

Paul is a security engineer at Pinterest

The security of Pinners is one of our highest priorities, and to keep Pinterest safe, we have teams dedicated to solving issues and fixing bugs. We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners.

Even with these precautions, bugs get into code. Over the years, we’ve worked with external researchers and security experts who’ve alerted us to bugs. Starting today, we’re formalizing a bug bounty program with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9,000 security researchers on the Bugcrowd platform. We hope these updates will allow us to learn more from the security community and respond faster to Whitehats.

This is just the first step. As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash. In the meantime, Whitehats can register, report and get kudos using Bugcrowd. We anticipate a much more efficient disclosure process as a result, and an even stronger and bug-free environment for Pinners!

Paul Moreno is a security engineer at Pinterest.

Latest Article

Sep 30, 2016

We recently hosted a meetup to discuss how companies drive growth at scale. More than 100 engineers joined to hear speakers from Dropbox, Pinterest and Yelp. Below are recaps of the talks, and you can also check out a recording below.


Sep 24, 2015

Our developer sandbox is now open, which means you can access the Pinterest API to start building apps and integrations with Pinterest. When you’re ready to publicly launch your app, you’ll need to submit it for a quick review.