LINE Security Bug Bounty Program Report 2019

INDUSTRY.co.id - Hello! I am Robin Lunde from the LINE Security team. 2019 was a very eventful year for the LINE Bug Bounty program. I would like to share with you some of the highlights and key takeaways from 2019, as well as our plans for 2020.

In late 2018 through early 2019, we began investigating the potential benefits of moving our program to HackerOne. After careful consideration, we concluded that we could likely improve the program and its results by moving to the HackerOne platform. As such, we started the process of migrating our program.

One of the factors that made us decide to move was the option to easily make reports public, allowing us to be more transparent and open about the reports we receive. We have previously shared information under special circumstances, but going forward we want to share information on a more regular basis.

Another important factor was that it would likely increase our participation globally, because our program would be easier to find by being on a more widely known platform. Also, most hackers already have accounts on the platform, and they would be able to make reports more easily without having to sign up for a separate account. 

After some time reviewing our options, we came to the conclusion that starting as a private program and running it in parallel with our own program, would let us evaluate how to best proceed. We made the necessary preparations and on July 1st, we launched our HackerOne private program.

A private program is a program where only invited hackers can participate. We invited all participants from our old program, and also got help from the HackerOne team to introduce new, highly skilled researchers.