The heart of tech

This article was published on April 17, 2014


    Heroku launches bug bounty program with rewards ranging from $100 to $1,500

    Heroku launches bug bounty program with rewards ranging from $100 to $1,500
    Emil Protalinski
    Story by

    Emil Protalinski

    Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

    Heroku today launched a bug bounty program in conjunction with Bugcrowd. Rewards range between $100 and $1,500, with the amount being completely based on the severity of the vulnerability. If a security researcher shows interest in donating their bounty to a recognized charity, Heroku promises to match it dollar-for-dollar.

    Customer apps are out of scope for the bounty, but Heroku promises to pass information along if security researchers inform the company anyway. “Working with security researchers to ensure the trustworthiness of Heroku’s platform is an ongoing effort of ours,” the company says.

    Until now, Heroku has merely listed security researchers who report bugs to the company on its Hall of Fame. It will continue to provide this public recognition and thanks, in addition to financial incentives.

    See also – GitHub launches Bug Bounty program, offers between $100 and $5,000 for security vulnerabilities and Microsoft and Facebook sponsor Internet Bug Bounty program, offer cash for hacking the Internet stack

    Image Credit: Tracy Olson