InVision Launches Public Bug Bounty Program with Bugcrowd

Offers To Pay Hackers Up To $1,500 USD To Find Security Vulnerabilities

InVision has embraced an aggressive approach to vulnerability and risk management. We have always effectively and successfully managed the fundamentals, including monthly external and internal vulnerability scans, a standard 30-day patch cycle with out-of-band exceptions for critical and high-risk vulnerabilities, static and dynamic analysis code scanning, subscriptions to vendor and media notification lists, and more. Even when covering only minimum best practices, security teams quickly become overwhelmed by rapid company growth, legal and regulatory standards, an increasingly complex service offering, and a growing threat environment. The result can be an organizational compromise or worse.

The Identity Theft Resource Center reported 845 breaches to date in 2016 and nearly 7,000 over the last 10 years, but if we’re being honest, that’s likely underreported. I think it’s more realistic to say the number is 2x that or even 10x.

Despite InVision’s sizeable security team with decades of experience, education, and security certifications, we have opened our doors to invite the world’s best and brightest minds to hack away at InVision—and make money doing it. Today we’re launching our public bug bounty program with Bugcrowd as our next step toward improving the security of InVision’s systems and services. Our vulnerability reward payments will go up to $1,500 USD for each submission accepted, depending on impact and severity.

Bugcrowd specializes in bug bounty programs for some of the world’s most trusted brands including Tesla, Mastercard and Fiat-Chrysler. They employ some of the best security experts in our field with a team that can easily manage the volume of submissions we see here at InVision. We are very excited about this opportunity.

If you want to test your hacking skills with an opportunity for financial reward, here is the information you need:

Bugcrowd InVision Program Page
Site: projects.invisionapp.com
Built with: ColdFusion, Java

To learn more about our public bug bounty program, visit Bugcrowd’s blog here.

Happy hacking!

Johnathan Hunt is VP of Information Security at InVision.
