Pinterest Launches Bug Bounty Program

Pinterest has become the latest major Web property to start a bug bounty program, joining the Bugcrowd platform and offering researchers rewards of up to…a shirt.

The site, which enables users to post photos, recipes and other information, announced the new reward program Tuesday. Company officials said that Pinterest was looking for more people to help find bugs in the various Web properties it operates. The company already works with external researchers and holds internal “fix-a-thons” to encourage employees to find bugs.

“Even with these precautions, bugs get into code. Over the years, we’ve worked with external researchers and security experts who’ve alerted us to bugs. Starting today, we’re formalizing a bug bounty program with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9,000 security researchers on the Bugcrowd platform. We hope these updates will allow us to learn more from the security community and respond faster to Whitehats,” Paul Moreno, a security engineer at Pinterest, wrote in a blog post announcing the program.

The main domain is the target for the bug bounty program, but it includes a number of subdomains:


Moreno said that while a shirt and a mention in the company’s hall of fame are the only rewards available in the program right now, that may change in the future as the program matures and attracts more researchers.

“This is just the first step. As we gather feedback from the community, we have plans to turn the bug bounty into a paid program, so we can reward experts for their efforts with cash,” he said.

Bugcrowd is a platform that allows companies to run their bug bounty programs and expose them to a vetted group of security researchers and testers. Many large companies choose to run their bug bounties on their own, including Facebook, Microsoft, PayPal and others. But Bugcrowd allows organizations to hand off some of the details to a third party.




  • Marisa Fagan on

    Thanks for the mention, Dennis. We're excited to be working with Pinterest and looking forward to their continued successful interactions with security researchers in the future. -Marisa Community Manager, Bugcrowd
  • Fraud on

    I can ensure that reporting issues to Pinterest is a complete waste of time: I have been waiting for a reply from this company more than 6 months, and what I get from them days ago has been a single line telling me that they are already aware of all the vulnerabilities I disclosed to them in 2013.
    • Ellie Kesselman on

      It is discouraging to me, as a Pinterest user concerned about security, to learn of your experience in reporting issues. I'm not surprised though, given how seriously Pinterest has NOT decided to take their bug bounty program, as indicated by the prize for bug finders: a T-shirt.
