WHMCS' security bounty program

[Damian]

From http://www.whmcs.com/security-bounty-program/ :

To show our appreciation for security researchers we are offering a monetary reward program for assistance with identifying and correcting certain qualifying vulnerabilities within the scope of this program. To see the terms of the program and to participate, please visit bugcrowd.com and sign up as a tester. You will need to accept the WHMCS bounty terms prior to engaging in testing. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

Security researchers play an important part in helping keep our product secure, and from today (December 6th, 2013), we now have an official program and process for handling their submissions and rewarding those who report issues and follow responsible disclosure principles.

This seems like a good step towards ensuring that us providers don't need to put our WHMCS into maintenance mode weekly, or even take it offline altogether. I just hope it doesn't bankrupt them :X

 

[Oliver]

Good. I can't make judgements about their financial situation and how they can pay for this but these days having a system like this in place seems sensible for any software developers/development company that produces software that so many businesses rely on heavily.

 

[Epidrive]

Good move indeed.

 

[SrsX]

Good move, I'll be submitted a few CSRF later.