InVision has embraced an aggressive approach to vulnerability and risk management. We have always effectively and successfully managed the fundamentals, including monthly external and internal vulnerability scans, a standard 30-day patch cycle with out-of-band exceptions for critical and high-risk vulnerabilities, static and dynamic analysis code scanning, subscriptions to vendor and media notification lists, and more. Even when covering only minimum best practices, security teams quickly become overwhelmed by rapid company growth, legal and regulatory standards, an increasingly complex service offering and a growing threat environment. The result can be an organizational compromise or worse.
The Identity Theft Resource Center reported 845 breaches to date in 2016 and nearly 7,000 over the last 10 years, but if we’re being honest, that’s likely underreported. I think it’s more realistic to say the number is 2x that or even 10x.
Despite InVision’s sizeable security team with decades of experience, education, and security certifications, we have opened our doors to invite the world’s best and brightest minds to hack away at InVision—and make money doing it. Today we’re launching our public bug bounty program with Bugcrowd as our next step toward improving the security of InVision’s systems and services. Our vulnerability reward payments will go up to $1,500 USD for each submission accepted, depending on impact and severity.
Bugcrowd specializes in bug bounty programs for some of the world’s most trusted brands including Tesla, Mastercard and Fiat-Chrysler. They employ some of the best security experts in our field with a team that can easily manage the volume of submissions we see here at InVision. We are very excited about this opportunity.
If you want to test your hacking skills with an opportunity for financial reward, here is the information you need:
Bugcrowd InVision Program Page
Built with: ColdFusion, Java
To learn more about our public bug bounty program, visit Bugcrowd’s blog here.