Magento won’t ditch ‘bug bounty’ scheme after all

By Dan Wilson September 17, 2018 - 3:03 pm

Ecommerce platform provider Magento will not be ending its bug bounty program after all, following an uproar from users. The scheme rewards benevolent hackers and developers, who receive between $100 and $10,000 for reporting a coding weakness in the software.

The announcement was made on the bug bounty program (BBP) page on Bugcrowd, a dedicated online platform for submitting security bugs. Magento originally said the program would end on September 15th, with the Magento program being rolled into the Adobe scheme, which doesn’t reward informants. Happily, that decision has now been revoked.

Adobe bought Magento earlier this year for $1.68 billion. Many of the critics angry about the axing of the scheme said that the move was a shift away from Magento’s roots and further proof that Adobe didn’t fully understand the open-source platform it had acquired.

We realize our announcement on September 10 about aligning the Magento bug bounty program to the Adobe vulnerability disclosure program has caused concerns. We want to make it clear that we will carry over the existing bounty payment schedule to newly reported Magento bugs to the Adobe program. We look forward to continuing our collaboration with the security research community to improve the security of the Magento platform.
– Magento

It’s good to see a reversal of this policy for several reasons. Firstly, it was a shoddy idea to ditch what was a respected and effective bug hunting scheme in the first place. Merchants enjoyed huge benefits on more than one occasion from vulnerabilities spotted by bug-hunters, most notably the Shoplift problem.

But perhaps more heartening is the fact that, despite being owned by Adobe, a much bigger and presumably less nimble operation, Magento has had courage and sense enough to reverse the decision. Judging by the response online from the vocal community of bug hunters, this is a welcome change that will hopefully keep the system secure.
