/>
X

Etsy handcrafts rewards for security bug hunters

Etsy has launched its own bug bounty program, believing that opening up its site to scrutiny is industry best practice.
michael-11.jpg
Written by Michael Lee, Journalist on

Online handmade goods marketplace Etsy has taken an unexpected move to bolster security by introducing rewards to hackers who responsibly disclose bugs to the company.

Announced on the company blog, Etsy has launched a security bug bounty program that's similar to Google's.

"Our goal is to reward security researchers who follow responsible disclosure principles and proactively reach out to us if they've identified a vulnerability which would impact the safety of our marketplace or members. We believe that this is industry best practice," the company's blog post said.

Etsy will pay a minimum of US$500 to qualifying bounty hunters, which may be increased at the company's discretion where the bugs are "distinctly creative" or severe. In keeping with the company's spirit, it will also throw in a few handmade "thank-yous" such as an Etsy Security Team T-shirt.

Spam, social engineering and denial-of-service (DoS) vulnerabilities are not covered under the scope of the bounty program, but, in addition to the main Etsy site, its application programming interface (API) and mobile apps are open for scrutiny.

In April this year, the company launched a responsible disclosure page to provide information security researchers with a way to notify Etsy of bugs. Ten researchers stepped forward to voluntarily highlight bugs, but at the time Etsy did not have a reward scheme in place, and did not pay out a bounty. The company is now honouring those individuals by retroactively making payouts since launching the page.

Related

The 5 best tiny houses of 2022: Modern tiny homes
Placeholder product image alt text

The 5 best tiny houses of 2022: Modern tiny homes

Home & Office
How to stop spam messages on your iPhone with this almost-secret hidden switch
messages.jpg

How to stop spam messages on your iPhone with this almost-secret hidden switch

Security
Windows 11: How to move the Start button back to where it belongs
windows-11-start-button.jpg

Windows 11: How to move the Start button back to where it belongs

Microsoft