Heroku has launched a bug bounty program, which has them joining the likes of Github, Facebook, Mozilla, and Google as companies who reward researchers for finding valid vulnerabilities in their applications.
Heroku is the first dedicated PaaS to start an ongoing bug bounty program, which will be managed by Bugcrowd, the crowdsourced security company that specializes in bug bounty management. The Bugcrowd security community of 8,000 security researchers will help protect thousands of Heroku customers.
Heroku has run a coordinated disclosure program since 2011 and have now chosen Bugcrowd as the platform to launch their bounty program and simplify their vulnerability disclosure processes.
With the recent rise in security issues and increased awareness among companies and the general public, it’s exciting to see a platform technology leader such as Heroku recognize the importance of bug bounties and responsible disclosure as layers in their security.
To bring a bit of background, on Jan 30, Github launched their own bug bounty program as well.
Casey Ellis, CEO of Bugcrowd, @bugcrowd
Bio: Casey has spent 12 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. At some point he realized he was quite fond of product and startups and went on to found Bugcrowd Inc, where he now sits as CEO. He likes thinking like a bad guy (while not actually being one).