Audiomack music streaming platform launches public bug bounty

Music-sharing site Audiomack is launching a public bug bounty program to encourage security researchers to share information on suspected vulnerabilities.

The artist-focused music streaming service is working with Bugcrowd to run its new vulnerability disclosure program (VDP).

Previously, Audiomack had run a private VDP, also with Bugcrowd, for around a year.

The music service is now opening this up to all security researchers and will offer what it describes as competitive rewards.

Audiomack does not, though, state a maximum bounty.

Going public

According to Sean Coker, director of engineering at Audiomack, the existing VDP has helped the music service to triage and validate potential vulnerabilities, allowing its in-house engineers to focus on deploying fixes.

Moving to a public platform allows Audiomack access to a wider range of testing skills, and “find and fix critical security gaps before they can be exploited”, Coker said.

The VDP will not cover security flaws related to third-party vendors, brute-force attacks, or attempts to use social engineering to gain access to Audiomack systems.

Bugcrowd claims that the number of critical and high-severity vulnerabilities found by researchers on its platform grew by 73% from 2019 to 2020.

Source: https://portswigger.net/daily-swig/audiomack-music-streaming-platform-launches-public-bug-bounty