Magento won’t ditch ‘bug bounty’ scheme after all

By Dan Wilson September 17, 2018 - 3:03 pm

Ecommerce platform provider Magento will not be ending its bug bounty program after all following an uproar from users. The scheme rewarded benevolent hackers and developers who receive between $100 to $10,000 for reporting a coding weakness with the software.

The announcement was made on the bug bounty program (BBP) page on Bugcrowd. That’s a dedicated online platform for submitting security bugs. They originally said the program would end on September 15th with the Magento program being rolled into the Adobe scheme which doesn’t reward informants. Happily that decision has now been revoked.

Adobe bought Magento earlier this year for $1.68 billion. Many of the critics angry about the axing of the scheme said that the move was a shift away from Magento’s roots and further proof that Adobe didn’t fully understand the open-source platform it has acquired.

We realize our announcement on September 10 about aligning the Magento bug bounty program to the Adobe vulnerability disclosure program has caused concerns. We want to make it clear that we will carry over the existing bounty payment schedule to newly reported Magento bugs to the Adobe program. We look forward to continuing our collaboration with the security research community to improve the security of the Magento platform.
– Magento

It’s good to see a reversal of this policy for several reasons. Firstly, it was a shoddy idea to ditch what was a respected and effective bug hunting scheme in the first place. Merchants enjoyed huge benefits, on more than one occasion from vulnerabilities spotted by bug-hunters, most notably the Shoplift problem.

But perhaps more heartening is the fact that despite being owned by Adobe, a much bigger and presumably less nimble operation, they have had courage and sense enough to reverse the decision. Judging by the response online, from the vocal community of bug hunters, this is a welcome change that will hopefully keep the system secure.

Comments are closed.

Featured in this article from the Tamebay Guide – companies that can help you grow and manage your business.


Magento is a modern cloud eCommerce platform. Magento extends beyond the shopping cart for every shoppable experience, including email, mobile, in-store, and more

See More Companies >

Recent Comments

1 min ago
Chris Dawson: Suggest you read the article again - purchased "last Sunday" and screen shots of eBay...
11 mins ago
George: This website is merely anti-eBay. This is such garbage and is entirely coming from a...
22 mins ago
Joe Cortese: What happened to 'one size does not fit all'? Fine for generic mundane consumables. Sad day for...
1 hour ago
Chris Dawson: Hi Lesley, There are about 350 marketplace in Europe and thousands around the world. We...