The company behind the popular application common use video TikTok announced last week that it had launched one public bug bounty program, in collaboration with the platform HackerOne, to detect possible vulnerabilities.
According to TikTok, participants in the bug bounty program can earn from Up to $ 1.700 up to $ 6.900 for a serious vulnerability, while to detect a critical error, the company is willing to give as well $ 14.800. The severity of the vulnerability is determined based on the score on the CVSS scale.
In the past, security researchers have identified significant bugs security in the TikTok application. The company claims to have paid more than $ 40.000 so far through a bug bounty program.
TikTok used to have a vulnerability disclosure policy, but it only rewarded certain reports and did not have a clear pay structure for researchers.
"This collaboration will help us gain knowledge from the world's top security researchers, academics and independent experts to better identify potential threats and make our defenses even stronger.Said Luna Wu of TikTok Global Security Team.
The US government has been trying to ban TikTok in the United States, as it considers that the application is dangerous for the national safety. The company behind TikTok challenged the decision in court and the judge ruled in favor of the Chinese company, temporarily blocking the ban.
According to SecurityWeek, Washington has said it will allow TikTok to be used in the country if the parent company, Bytedance, agree to sell its activities to a company of USA. Initially, an attempt was made to reach an agreement with Microsoft, but the cooperation did not go ahead.