Launching Front’s Public Bug Bounty Program

Vinayendra Nataraja, Senior Manager, Security Engineering

18 October 2023

What’s next for Front’s bug bounty program

Front, a customer operations platform that helps 8,000+ businesses deliver exceptional service at scale, has always placed security at the heart of its operations. Recognizing that in today’s digital age the safety of user data is paramount, Front launched its private bug bounty program five years ago. This initiative was a testament to Front’s commitment to proactive security measures, ensuring its platform remains robust against potential threats. 

Today, we’re thrilled to announce that we’ve taken our commitment to secure customer operations one step further by making Front’s bug bounty program public. 

The move from private to public

The bug bounty program at Front has witnessed significant engagement since its inception. Over the past five years, more than 650 unique vulnerability reports have been submitted by ethical hackers worldwide. Out of these, 180 were identified as valid and have since been rectified. 

So far, we’ve had the privilege of working with over 2,000 researchers in our private program. This not only underscores the success of the program but also highlights the expansive and dedicated community of researchers deeply committed to fortifying Front’s security.

The introduction of our private bug bounty has been pivotal in enhancing Front’s security posture. In our pursuit of efficiency, we’ve scaled our triaging efforts by collaborating with HackerOne Triage. We’ve established an internal SLA dedicated to addressing security bugs. Recognizing the importance of attracting and rewarding the best in the field, we’ve adopted a ‘pay on triage’ system and have realigned our bounty payouts, ensuring they are competitive in today’s market. Most significantly, the learnings derived from these reports have illuminated classes of issues, enabling us to proactively harden our product against potential security issues.

By taking this next step to make Front’s bug bounty public, we’re inviting anyone to submit security bugs. Front’s decision to take its bug bounty program public is more than just a strategic move; it’s a declaration of its unwavering commitment to security. By collaborating with a global community of researchers, Front reaffirms its dedication to safeguarding user data, strengthening its platform, and securing the future of customer communications and support.

Incentives and rewards

To motivate researchers and show our genuine appreciation, we offer bounties as a token of gratitude. We understand the importance of your contributions and will stay committed to acknowledging your efforts. 

In line with this, Front has set up a tiered reward system to honor the invaluable efforts of ethical hackers. Depending on the severity of the identified vulnerability, rewards can start from $100 and soar up to $10,000 for the most severe vulnerabilities.

Starting today, anyone can submit bugs here: https://hackerone.com/fronthq
