New program follows a year-long private VDP

Audiomack has launched a security bug bounty program

Music-sharing site Audiomack is launching a public bug bounty program to encourage security researchers to share information on suspected vulnerabilities.

The artist-focused music streaming service is working with Bugcrowd to run its new vulnerability disclosure program (VDP).

Previously, Audiomack had run a private VDP, also with Bugcrowd, for around a year.




The music service is now opening this up to all security researchers and will offer what it describes as competitive rewards.

Audiomack does not, though, state a maximum bounty.

Going public

According to Sean Coker, director of engineering at Audiomack, the existing VDP has helped the music service to triage and validate potential vulnerabilities, allowing its in-house engineers to focus on deploying fixes.

Moving to a public platform gives Audiomack access to a wider range of testing skills and will allow it to “find and fix critical security gaps before they can be exploited”, Coker said.

The VDP will not cover security flaws related to third-party vendors, brute-force attacks, or attempts to use social engineering to gain access to Audiomack systems.

Bugcrowd claims that the number of critical and high-severity vulnerabilities found by researchers on its platform grew by 73% from 2019 to 2020.

