Pinterest engineering blog

  • Back to all posts
  • May 27, 2014
  • Share

Introducing our bug bounty program

Paul Moreno

Paul is a security engineer at Pinterest

The security of Pinners is one of our highest priorities, and to keep Pinterest safe, we have teams dedicated to solving issues and fixing bugs. We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners.

Even with these precautions, bugs get into code. Over the years, we’ve worked with external researchers and security experts who’ve alerted us to bugs. Starting today, we’re formalizing a bug bounty program with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9,000 security researchers on the Bugcrowd platform. We hope these updates will allow us to learn more from the security community and respond faster to Whitehats.

This is just the first step. As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash. In the meantime, Whitehats can register, report and get kudos using Bugcrowd. We anticipate a much more efficient disclosure process as a result, and an even stronger and bug-free environment for Pinners!

Paul Moreno is a security engineer at Pinterest.

Latest Article

Oct 21, 2016

Not long ago, some friends and I were having lunch and talking about the upcoming election. As is the case with discussions centered around weather or politics, it ended the way they usually end: with all of us shrugging and saying "well, beyond remembering to vote, what can any of us do?"


Mar 18, 2016

For many areas of growth, presenting your message with the right hook to pique a user’s interest and to get them to engage is critical.


Aug 6, 2015

At Pinterest we practice Continuous Integration religiously. We build every code commit in mainline, which in turn produces tons of build artifacts every day.