23andMe Launches a ‘Bug Bounty’ Program

In a continued focus on security vigilance, 23andMe launched a “bug bounty” program through Bugcrowd, soliciting ethical hackers interested in identifying potential security vulnerabilities across its digital assets.

Bugcrowd, a San Francisco-based cybersecurity company, helps connect businesses to security researchers (aka ethical or whitehat hackers) and awards bounties for finding security vulnerabilities. The company helps to manage the overall program, triage and validate identified vulnerabilities, and manage financial incentives.

Bug Bounty

23andMe has long had a private bounty program with Bugcrowd. Over the past year, about 1,900 ethical hackers and security researchers looked for security vulnerabilities as part of that private bug bounty program. 23andMe is now making the program publicly accessible to all security researchers and hackers. The move to a public bug bounty program is meant to solicit a larger pool of ethical hackers who can test our security systems, said David Baker, 23andMe Chief Security Officer.

“Privacy and security have always been in our DNA,” David said. “But leveraging a broader group of external security researchers and ethical hackers is only going to improve the already great work the team is doing.”

Culture of Security

Since coming to 23andMe in early 2020, David has helped to build upon a culture of security company-wide. During his tenure, 23andMe’s IT and security team has worked with external auditors to scrutinize our systems and in the process added two additional privacy certifications and renewed an existing security certification.

23andMe has also instituted more systematic internal training, and even gamified security. October is cybersecurity month and it will also mark “Hacktober” at 23andMe, a month-long competition to raise security awareness. The exercise pits internal teams from all departments against one another.


Last year the competition included identifying and reporting phishing, as well as a “capture the flag” competition for engineers. That included challenges in different areas like AWS security, cryptography, web applications, and command-line attacks. Each challenge had a different flag objective. There was even an internal bug bounty program where employees could earn payouts for reporting security vulnerabilities.

This year’s Hacktober also corresponds with the launch of the public bounty program through Bugcrowd. Our public bounty program with Bugcrowd comes as public awareness and concern about sophisticated hacks, ransomware, and data breaches are undercutting confidence in the ability of governments, businesses, and other institutions to protect personal data.

Securing and ensuring the privacy of our customers’ data is paramount at 23andMe. This public bug bounty program will encourage external security researchers and ethical hackers to competitively find and fix potential security flaws. It will also continuously help us harden our systems against attack.

For more information on 23andMe’s bug bounty program, visit https://bugcrowd.com/twentythree-and-me.

The post 23andMe Launches a ‘Bug Bounty’ Program appeared first on 23andMe Blog.
