Pinterest engineering blog

  • Back to all posts
  • May 27, 2014
  • Share

Introducing our bug bounty program

Paul Moreno

Paul is a security engineer at Pinterest

The security of Pinners is one of our highest priorities, and to keep Pinterest safe, we have teams dedicated to solving issues and fixing bugs. We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners.

Even with these precautions, bugs get into code. Over the years, we’ve worked with external researchers and security experts who’ve alerted us to bugs. Starting today, we’re formalizing a bug bounty program with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9,000 security researchers on the Bugcrowd platform. We hope these updates will allow us to learn more from the security community and respond faster to Whitehats.

This is just the first step. As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash. In the meantime, Whitehats can register, report and get kudos using Bugcrowd. We anticipate a much more efficient disclosure process as a result, and an even stronger and bug-free environment for Pinners!

Paul Moreno is a security engineer at Pinterest.

Latest Article

Apr 18, 2016

A small team of Pinterest iOS engineers was recently given the opportunity every engineer dreams of - completely rethinking and rebuilding our app. We’ve grown so much that it’s created a high demand on our platform.

Popular

Aug 6, 2015

At Pinterest we practice Continuous Integration religiously. We build every code commit in mainline, which in turn produces tons of build artifacts every day.

Discover

Feb 6, 2015

As we continue to focus on making search improvements and building a discovery engine, we recently invited members of the local search communities to Pinterest for a Discover Pinterest event.