TikTok unveils bug bounty program, scraps with US government in court over looming ban
TikTok announced a global bug bounty program Thursday amid an ongoing court battle to continue operating in the U.S.
The program, a partnership with HackerOne, is an expansion of a more limited vulnerability disclosure program for the popular video-sharing app.
“This partnership will help us to gain insight from the world’s top security researchers, academic scholars and independent experts to better uncover potential threats and make our security defenses even stronger,” TikTok wrote in a blog post.
Researchers who uncover vulnerabilities can make between $50 and $14,800, depending on the severity of the flaw. TikTok has previously worked with security research companies to fix flaws they found.
A range of high profile companies have relied on bug bounty programs to solicit reports about vulnerabilities for which internal security personnel failed to account. Often, success depends on the firms’ ability to fix those flaws, and reward outside researchers in a way that doesn’t leave them frustrated.
TikTok’s announcement coincided with a federal judge temporarily halting a planned ban on TikTok downloads from U.S. app stores that was due to take effect on Sept. 27. President Donald Trump signed an executive order initiating the ban, citing, in part, national security concerns over TikTok’s parent company, Beijing-based ByteDance.
The company’s chief security officer previously said he is unaware of the specific concerns from U.S. national security officials.
A broader ban is set to take effect Nov. 12, and TikTok sued Wednesday for a preliminary injunction against those prohibitions. An appeals court also agreed Wednesday to speed up the Justice Department’s effort to overturn the Sept. 27 ruling.
Meanwhile, ByteDance awaits U.S. and Chinese government approval of a plan to break off its U.S. business into a U.S.-based company in which Oracle and Walmart would own a 20 percent stake, not that all the parties seem to be on board.