By Suhana Hyder, Vulnerability Management Leader, TikTok
TikTok's mission is to inspire creativity and bring joy, and the security of our global community is always a priority. Staying ahead of next-generation cyberthreats requires continuously strengthening the security and integrity of our platform. Critical to that effort is partnering with the world's best researchers, academic scholars, and independent experts to continuously test our own defenses.
In the past year, we've expanded our vulnerability disclosure policy to include a global bug bounty program with HackerOne. We've strengthened our global security organization and established global Fusion Center operations in Washington DC, Dublin, and Singapore. We've earned ISO 27001 certifications in the US, UK, Ireland, Singapore, and India for investing in the people, processes, and technology to keep our community safe. We've also partnered with leading organizations like the National Cyber Security Alliance to inspire leaders of the future and encourage people of all backgrounds to #BeCyberSmart.
As we celebrate our 1-year anniversary with HackerOne and the evolution of its Internet Bug Bounty (IBB) program, we're excited to spotlight the top ethical hackers helping TikTok pioneer new defenses to protect over 1 billion people worldwide. Through the partnership, we've awarded nearly $250,000 in bug bounties to over 150 hackers around the world for helping us identify and resolve over 225 vulnerabilities. Our comprehensive scope and commitment to transparency continue to draw new hackers to the program, and we aim to pay out eligible bounties within 2 days of triage with an average first response time of 14 hours.
"We're delighted to celebrate this anniversary and continue to help TikTok keep their platform secure," said Ben Sadeghipour (@NahamSec), Head of Hacker Education at HackerOne. "TikTok's program is a great example of the positive impact bug bounties can have on overall security, and we hope more organizations see the value that hackers and bug bounty programs can bring to their security teams."
Security is a team sport. To ethical hackers around the world: thank you for helping us keep the global TikTok community safe and secure by disclosing potential vulnerabilities, so we can quickly eliminate them.
As of October 1, this year's top 5 contributors are:
- bubbounty - bubbounty is a French bug bounty hunter who discovered ethical hacking while looking for a legal, secure, and fun way to learn practical hacking. Now his full-time job is hacking on TikTok's program and those of other large companies.
- luizviana - Based in Brazil, luizviana discovered hacking at age 12 while trying to hack online games for more points. He began studying security more seriously at age 16, and now he's hacking on programs like TikTok and performing penetration tests for Brazilian companies.
- s3c - s3c is a 22-year-old bug bounty hunter named Yusuf from Kurdistan, Iraq. He's worked in programming and web development since 2017, and he began hacking on public programs for global technology companies in 2018.
- dphoenixx - dphoenixx started hacking three years ago. While coding in PHP and Python, he discovered "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" and was immediately hooked on ethical hacking. He continues to learn by practicing on bug bounty programs for top social media, technology, and financial services platforms.
- k1ra_ - k1ra_ is an 18-year-old hacker based in Nepal. At age 13, the self-taught learner hacked into his neighbor's WiFi to let them know their network was insecure. Since then, he's gained experience with private and public bug bounty programs, including TikTok and global technology and financial services companies.
To learn more about TikTok's bug bounty program, visit our program page here. Follow our @TikTokTips account, and join us in highlighting ways to #BeCyberSmart by sharing tips to spot and defend against common cyberthreats.