AdsPower Enhances Security with Bug Bounty Program and New BugRap Partnership
Take a Quick Look
AdsPower's Bug Bounty Program, launched in 2024, rewards researchers for identifying vulnerabilities. Partnering with Huoxian and BugRap, the program has strengthened security, leading to important fixes and ongoing improvements to ensure user safety.
Keeping our online information safe is very important. As we use the internet more for personal and work reasons, protecting our accounts and data has become crucial. AdsPower, an antidetect browser designed for multi-account management and privacy protection, is deeply committed to ensuring its users' safety online.
In early 2024, we received feedback from users expressing concerns about data security on our platform. We took these concerns seriously and launched the Bug Bounty Program. This program helps us find and fix security problems in our services.
Now, let's look at how this program work and how it strengthens AdsPower's ongoing mission to ensure a secure and reliable experience for its users.
What is the Bug Bounty Program?
The Bug Bounty Program is an initiative to strengthen AdsPower's platform security by encouraging global security researchers to identify and report vulnerabilities through a reward system. This program aims to create a more secure environment where users can safely manage multiple accounts without fear of association issues, bans, or restrictions. It highlights AdsPower's steadfast commitment to privacy and security, reinforcing its core values of protecting user data and continually improving the platform for a safer user experience.
Q&As about the Bug Bounty Program
Q1: Why Did AdsPower Partner with Huoxian?
A1: AdsPower partnered with Huoxian, a leading cybersecurity firm specializing in data and cloud security, because of their extensive experience in vulnerability research on major cloud platforms like Aliyun and Tencent Cloud. This expertise aligns perfectly with AdsPower's technical direction.
Q2: How Does the Bug Bounty Program Work?
A2: The program is structured in phases to maximize its effectiveness. In the initial 30-day period, 55 security researchers were invited to identify vulnerabilities in AdsPower. Subsequently, the program was extended by 15 days, bringing in additional researchers. Throughout this process, researchers report vulnerabilities, which AdsPower then reviews, categorizes, and addresses.
Q3: How Much Does the Bug Bounty Program Pay Out?
A3: The Bug Bounty Program rewards researchers based on the vulnerability level. We have divided the assessments into 4 types: serious, high-risk, medium-risk, and low-risk. Researchers who report serious vulnerabilities can receive rewards up to 750 USD, with an additional 20% bonus for particularly high-quality reports.
*Subject to dynamic adjustment based on circumstances
Q4: What Were the Results of the Bug Bounty Program in Its First 45 Days?
A4: In the first 30 days, 12 researchers submitted over 20 reports, of which14 were valid. Then, we added 15 more days to the program. This brought in 20 more researchers, ultimately resulting in over 40 submitted reports. Over 40% of the reports were deemed valid.
Q5: What Key Issues Did the Program Address?
A5: The Bug Bounty Program uncovered and resolved critical issues in user permissions and infrastructure. A notable improvement involved refining permissions to prevent members from viewing or modifying administrator-created profiles. This resulted in a more logical and secure permission hierarchy, significantly reducing the risk of unintended actions.
Q6: How Does the Bug Bounty Program Benefit AdsPower and Its Users?
A6: The Bug Bounty Program improves AdsPower's security and helps fight off cyber attacks, including hacking. For users, this means AdsPower is actively working to keep their accounts safe, making them feel more secure when using AdsPower.
Q7: How Long Will the Bug Bounty Program Remain Active?
A7: The Bug Bounty Program will remain active as long as the dedicated section exists on the official website. We continue to receive a consistent stream of reports, indicating ongoing engagement from security researchers.
AdsPower Partners with BugRap to Enhance Digital Security
In addition to the in-house bug hunter program, AdsPower is actively seeking partnerships with various bug bounty platforms. Recently, AdsPower joined BugRap, a leading bug bounty platform! By partnering with BugRap, we're reinforcing our commitment to digital identity security and providing enhanced virtual browser profile management.
Rewards will be provided according to the Bug Bounty Program rules shown on the image. Based on the quality, creativity, and novelty of submissions, AdsPower may adjust payouts within the specified range.
For multiple reports about the same issue, AdsPower rewards the earliest submission, regardless of the reporting method.
Together, let's build a safer, smarter digital landscape!
