Netflix Makes its Bug Bounty Program Public

Netflix this week opened its bug bounty program to all security researchers. Under the program, researchers can earn between $100 and $15,000 for valid bug and vulnerability reports.

The program allows researchers to submit bugs and vulnerabilities they find through Bugcrowd, a hosted bug bounty program platform. Netflix is specifically asking researchers to report bugs that are associated with the core Netflix experience, as well as the company's iOS and Android apps and APIs. 

Netflix launched a responsible vulnerability disclosure program in 2013 and says it has addressed 190 issues reported through it. It launched a private bug bounty program in September 2016, beginning with 100 of Bugcrowd's top researchers. Over the past year, the streaming entertainment giant has invited 700 researchers to participate.

The company credits the private bug bounty program with 145 valid submissions and says they "have helped us improve our external security posture and identify systemic security improvements across our ecosystem." It now aims to further improve its security with the public launch. 
