Adobe was not the first who has launched vulnerability disclosure program for security researchers. Big giants like Facebook, Microsoft, PayPal, Mozila and many other software giants has received hug success after introducing this program. After these bounty programs launch these companies managed to overcome some very severe vulnerabilities in their software and website.
On a blog post the company’s Security program manager Pieter Ockers said that ” In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application vulnerability disclosure program on the HackerOne platform. Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score.”
In its bug disclosure guideline Adobe encourages security researchers to focus on web application vulnerabilities like Cross-site scripting, authentication or authorization flaws, injection vulnerabilities, injection vulnerabilities, information disclosure, Cross-site request forgery in a privileged context, Directory Traversal, Server-side code execution,Significant Security Misconfiguration.
The reward amount has not been disclosed by the Adobe but it is believed the the amount of reward will be decided after the Adobe’s security team asses how severe the vulnerability is. Adobe also says that the researcher should not publicly disclose the vulnerability before reporting it to them.