Today, Netflix announced the launch of its public bug bounty program. The company, which has been expanding its bug bounty setup over the last few years, started with a responsible vulnerability disclosure program in 2013. That led to its private bug bounty program, which it launched in 2016 with 100 Bugcrowd researchers on board. Since then, Netflix has invited over 700 researchers to participate and has received 145 valid submissions. The company's new public program is on the Bugcrowd platform.
Netflix joins a number of other companies that have public bug bounty programs aimed at rooting out security flaws before they become an issue. Intel recently opened up its program following the Meltdown and Spectre fiasco, while Apple launched its program in 2016. Samsung, Google, DJI and Twitter are also among those with bug bounty programs.
On average, Netflix pays out $1,102 for valid submissions, though it has paid as much as $15,000 in the past. You can see the company's payout scale here. The company says its average time to acknowledge a report is 2.7 days, and researchers who spot an issue that Netflix then fixes get added to the Security Researcher Hall of Fame.