Summary
This document is a technical report detailing SEEK Limited's approach to enhancing security through its managed public bug bounty program. Launched in June 2016, the program has rewarded 532 vulnerabilities with a total payout of $136,990. The report outlines SEEK's commitment to user security and privacy, emphasizing the importance of a consolidated channel for vulnerability reporting. It describes the integration of Bugcrowd's platform to leverage the skills of a diverse community of security researchers. The document highlights various security measures employed by SEEK, including code reviews, vulnerability scanning, and traditional penetration testing. It also discusses the benefits of transitioning to a public bug bounty program, which has increased the number of findings and raised security awareness among users. The report concludes by noting the importance of identifying patterns in vulnerabilities to establish secure defaults across applications and services.
