Improve security through bug bounty competition
By: Kara Mahoney
Mapbox is participating in HackerOne’s Hack the World event, their largest hacking competition of the year. All reports submitted to the Mapbox bug bounty program between October 18th and November 18th, 2017 are eligible for Hack the World’s prizes, and we’re offering some special awards of our own. We’re rewarding the best report, as well as two honorable mentions.
Up to $5000 bonus for top report
We are doubling the bounty for the best Hack the World report that we receive — not only based on the impact of the vulnerability, but the quality of the report itself. In the event of a tie, report quality will be the tie breaker.
$1000 bonuses to honorable mentions
This bonus is five times our minimum payout and is not restricted to any bounty amount, meaning that a minimum bounty vulnerability is still eligible for an honorable mention. Again, if there’s a tie, the quality of the report will be the deciding factor.
Penetration testing powered by bug bounty platforms like HackerOne and collaboration with security researchers working to protect our users are a fundamental part of how we secure Mapbox. Check out our retrospective on one year with HackerOne, or if you’re heading to the O’Reilly Security conference in New York this month, watch our own Alex Ulsh discuss how our team built out our bug bounty program.
What next?
Sign up on HackerOne and start hacking Mapbox Studio, our SDKs, APIs, and public website. We’re particularly interested in security reports related to our SDKs and APIs. To learn more about the competition, visit the Hack the World page.
You can read more about security at Mapbox, our vulnerability disclosure process, and past security bulletins. And don’t forget to check out our jobs page, we’re hiring security engineers.
Happy hacking!
Double bounty for top Hack the World report was originally published in Points of interest on Medium, where people are continuing the conversation by highlighting and responding to this story.