TikTok Launched a Public Bug Bounty Program in Collaboration with HackerOne


TikTok revealed this week that, in conjunction with HackerOne, it has introduced a public bug bounty scheme.

White hat hackers have been invited by the developer of the popular video-sharing and social networking software to find bugs in its key pages, plus multiple subdomains, and its apps for Android and iOS.

Researchers can receive between $1,700 and $6,900 for a high-severity vulnerability, while the most serious issues can earn up to $14,800. Severity is determined by the vulnerability’s CVSS score.

Security researchers finding bugs in the TikTok app is nothing new. The firm says that, through its bug bounty scheme, it has already paid out more than $40,000, with top rewards exceeding $8,000.

TikTok already had a vulnerability disclosure policy, but it compensated only certain vulnerability reports and had no consistent payment mechanism.

“This collaboration will help us gain expertise from leading intelligence analysts, scientists, and independent experts around the world to further uncover emerging threats and improve our security defenses,” said Luna Wu of the Global Security Team at TikTok.

The U.S. government has been seeking to ban TikTok, citing national security and privacy concerns. TikTok challenged the decision in court, and a judge recently sided with the Chinese firm, temporarily blocking the ban.

Washington has said it will allow TikTok to continue operating in the country if its parent company, Bytedance, agrees to sell its U.S. operations to a local company. A deal with Microsoft fell apart, and TikTok is now seeking to conclude an agreement with Oracle and Walmart.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.