Cloudflare added a public bug bounty program, the vendor’s first such initiative since the cloud security company started its bug bounty program in 2014.
In a Feb. 1 blog post, the company said the first iteration of its bug bounty program was pure vulnerability disclosure without cash bounties. In 2018, Cloudflare added a private bounty program, but now anyone interested can report bugs related to Cloudflare products on its public site hosted on HackerOne’s platform.
++
“Bug bounties have their merit in the cybersecurity field, but they still fall into the category of focusing efforts post-deployment and being reactive”, said Archie Agarwal, founder and CEO at ThreatModeler.