Netflix wants you to hack it. Well, sort of.
The entertainment and streaming company announced Wednesday the launch of a public bug bounty program designed to allow security researchers to responsibly disclose vulnerabilities, and, notably, get paid for doing so.
The idea is not a new one, and in fact Netflix has done this privately since 2013. Opening it up to the general public, however, is new for Netflix. The company is working with Bugcrowd to manage and vet submissions, and has a clear set of rules regarding what is and isn’t eligible for a payout.
Hack and steal an unreleased Netflix show? That’s a no-no. Pulling off remote code execution, however, might just get you paid. And it’s real money we’re talking about here — up to $15,000, in fact.
“Since the launch of our private bug bounty program, we have received 145 valid submissions (out of 275 total) of various criticality levels across the Netflix services,” the company said in a press release. “These submissions have helped us improve our external security posture and identify systemic security improvements across our ecosystem.”
Other major tech companies employ their own versions of bug bounties. Google, for example, has something called a vulnerability reward program. Finding and reporting qualifying bugs through that program could earn you up to $20,000.
Ideally, Netflix’s public bug bounty means that the site is going to be more secure going forward. This, unequivocally, is a good thing. After all, no one wants Netflix to get hacked — just imagine all the weird data the company has on your viewing habits.