Netflix opens its bug bounty program to the public

But it doesn’t pay that well

Netflix launched a bug bounty program today that is open to the public. Now, anyone can catch security bugs on the platform and point them out in exchange for cash rewards.

Netflix says that the highest payout so far is a $15,000 reward for identifying a “critical vulnerability.” It evaluates each vulnerability found for its “impact” to judge how much the reward should be. The bounty program had been privately available to select users since September 2016.

Opening up a bug bounty program to the public and offering small payouts is something that many tech companies, such as Samsung and Microsoft, do as a more cost-efficient way of identifying vulnerabilities. If several white hat hackers can locate critical bugs, that may cost a tech company less in the long run. Samsung has said it'll pay up to $200,000 for a bug and Microsoft has said $250,000, but Netflix's max payout is $15,000. Since any bugs in the Netflix platform would only affect company data and systems, its risk profile is lower than Samsung's and Microsoft's, and the reward reflects that, according to a person familiar with the program.

Update March 21, 1:30PM ET: This article has been updated with more information about payout numbers.