Japan’s LINE launches public bug bounty program with HackerOne
HackerOne has announced the launch of LINE's public bug bounty program.
Through the program, ethical hackers are invited to test LINE’s core messenger application and web domains for potential vulnerabilities and securely disclose them to LINE.
In working with HackerOne, LINE is able to tap into the vast expertise of a global community of skilled hackers to identify and fix security vulnerabilities before they can be exploited.
Since July 2019, LINE has been running a private program on HackerOne in tandem with its self-managed bug bounty program.
Over the course of the last four months, LINE has paid out nearly $30,000 in monetary awards — better known as bounties — to hackers for their efforts and has seen increased engagement from hackers internationally.
In going public, the company will be transitioning its entire bug bounty ecosystem to the HackerOne platform.
Since starting its ongoing bug bounty program in June 2016, the company has received more than 1,000 reports and have paid over $300,000 in bounties through both self-run and HackerOne bug bounty initiatives.
“We are thrilled to be moving to the HackerOne platform as it allows us to increase our visibility and thereby increase the amount of high-quality reports we receive as well,” says LINE cybersecurity head Naohisa Ichihara.
“As being transparent about security issues is very important to us, we wanted a convenient way to disclose such information. Our original platform did not have an easy way of achieving this, so it was also a contributing factor in deciding to move to HackerOne.”
There are over 570,000 hackers registered on HackerOne.
Participation in the LINE bug bounty program is open and encouraged to all hackers worldwide.
Bounty awards range from $500 to $30,000 for eligible valid vulnerabilities.
Assets in scope include the main LINE application (for iOS, Android, Chrome, MacOS and Windows) as well as the web domains https://store.line.me/, https://news.line.me/, https://music.line.me/, and https://live.line.me/.
“With 164 million global monthly average users across their top four countries, LINE knows it’s imperative to protect user information around the clock,” says HackerOne Asia Pacific (APAC) VP Attley Ng.
“By adding the largest community of ethical hackers in the world as an extension of their cybersecurity team, LINE enhances their global approach to security and improves the safety of their customers.”
APAC continues to be one of the fastest-growing regions for hacker-powered security. According to HackerOne’s 2019 Hacker-Powered Security Report, the number of hacker-powered security programs grew by 30% in the region year over year.
HackerOne opened its APAC headquarters in Singapore this year and has brought on notable customers including Ministry of Defence Singapore (MINDEF), GovTech Singapore, Xiaomi, Zomato, Toyota, Nintendo, Grab, and Alibaba.
In addition, the region’s first-ever live-hacking event (h1-65) was held in Singapore, with Dropbox awarding over $300,000 in bug bounties to participating hackers.