Today we are pleased to announce that after running an extensive private program with Bugcrowd, Okta is launching its first public bug bounty program.

Okta, a leading provider of identity for the enterprise, has always prioritized product security. To augment its robust security team and strategy to further enhance that level of security, Okta is ready to leverage our crowd of over 40,000 researchers.

“At Okta, we’re squarely focused on customer success. For my security team, that translates directly to customer security and assurance. Our private bug bounty program with Bugcrowd expanded coverage of my internal attack team by adding a solid bench of diversity and breadth of capabilities. By moving to a public program, we can now take advantage of the full extent and resources of Bugcrowd’s curated crowd. Bugcrowd has quickly become an integral part of our overall security program. It enables my internal team to focus their assessments to the critical earlier stages of product design and development. We’re excited to expand our security program with today’s public launch.”

– David Baker, Chief Security Officer at Okta

Over the past year and a half, it has been a pleasure to work so closely with David and the Okta security team. They are real innovators who take customer security and assurance seriously. Their private program, which they have shown strong and consistent commitment to, allowed them to quickly scale up their team and work, improving response time and increasing transparency.

The next stage in their commitment to product security and security research comes today with their transition to a public program. This further augmentation of their security team will enable them to focus internal resources on the critical early stages of product design and development. Learn more about Okta’s commitment to security on their blog.

About the Okta program:

  • View full brief details here.
  • Target: Okta Identity Cloud
  • Rewards: Up to $15,000 per vulnerability
  • Disclosure Policy: Requires explicit permission to publicly disclose


Want to learn more about how Okta’s private program validated the security work the team was carrying out internally and allowed them to double down in other areas? Listen to our recently recorded webcast featuring Okta CSO David Baker.