Magento won’t ditch ‘bug bounty’ scheme after all

By Dan Wilson September 17, 2018 - 3:03 pm

Ecommerce platform provider Magento will not be ending its bug bounty program after all, following an uproar from users. The scheme rewards benevolent hackers and developers, who receive between $100 and $10,000 for reporting a coding weakness in the software.

The announcement was made on the bug bounty program (BBP) page on Bugcrowd, a dedicated online platform for submitting security bugs. Magento originally said the program would end on September 15th, with the Magento program being rolled into the Adobe scheme, which doesn’t reward informants. Happily, that decision has now been revoked.

Adobe bought Magento earlier this year for $1.68 billion. Many of the critics angry about the axing of the scheme said that the move was a shift away from Magento’s roots and further proof that Adobe didn’t fully understand the open-source platform it has acquired.

We realize our announcement on September 10 about aligning the Magento bug bounty program to the Adobe vulnerability disclosure program has caused concerns. We want to make it clear that we will carry over the existing bounty payment schedule to newly reported Magento bugs to the Adobe program. We look forward to continuing our collaboration with the security research community to improve the security of the Magento platform.
– Magento

It’s good to see a reversal of this policy for several reasons. Firstly, it was a shoddy idea to ditch what was a respected and effective bug hunting scheme in the first place. Merchants enjoyed huge benefits on more than one occasion from vulnerabilities spotted by bug hunters, most notably the Shoplift problem.

But perhaps more heartening is the fact that despite being owned by Adobe, a much bigger and presumably less nimble operation, they have had courage and sense enough to reverse the decision. Judging by the response online from the vocal community of bug hunters, this is a welcome change that will hopefully keep the system secure.
