This guest blog is authored by Jeana Tahnk, director of global communications at Auth0, and originally appeared on the Auth0 blog.
Auth0, a global leader in Identity-as-a-Service (IDaaS), today announced the launch of a private bug bounty program to further reinforce its emphasis on security and ensure that its customers are protected from any vulnerabilities.
The private bug bounty is a specialized program that will allow Auth0’s security team to partner with selected researchers to source potential vulnerability discoveries in exchange for monetary rewards. The bug bounty will be run on Bugcrowd and will expand the company’s current Responsible Disclosure Program, which is already in place.
“We take the privacy and protection of our customers’ data very seriously and are dedicated to investing the time and resources into ensuring we adhere to the highest standards,” said Joan Pepin, CISO and VP of Operations at Auth0. “Our security program is maturing rapidly, and the launch of this bug bounty program reinforces our dedication to our customers and the highest level of security we offer them.”
Bugcrowd will select and invite security researchers registered on its platform based on skills and experience. Each report verified by Bugcrowd’s Application Security Engineer team will be then sent to the Auth0 Product Security team to assess the severity of the finding, assign the researcher a monetary reward, move the issue to its internal vulnerability database, and work with relevant Product and Engineering teams towards remediation.
“Bugcrowd deploys a global Crowd of diverse, creative, and highly-skilled security researchers to identify and solve security challenges,” said Ashish Gupta, CEO at Bugcrowd. “The result is our ability to provide highly specialized security expertise to the high caliber of companies we work with. We are really excited to be supporting the launch of Auth0’s Bug Bounty Program and serve as an extension of its security team.”
The program is launching with approximately 25 global researchers who have been identified and invited by Bugcrowd, and will increase in number later this year.
Auth0 is a trusted security partner to its customers and has achieved certification for many important compliance regulations, including HIPAA, SOC 2 Type II, ISO 27001, ISO27018, and more. Please visit Auth0 Security for more information.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of customers in every market sector with the only identity solution they need for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5 billion logins per month, making it loved by developers and trusted by global enterprises. The company’s U.S. headquarters in Bellevue, WA, and additional offices in Buenos Aires, London, Tokyo, and Sydney, support its global customers that are located in 70+ countries.
For more information on Bugcrowd’s managed Bug Bounty Programs, visit: https://www.bugcrowd.com/products/bug-bounty/