2016.06.02 Corporate Announcement
To Run Indefinitely for Continuous Improvement of the Safety and Security of LINE’s Services
Tokyo, Japan – June 1, 2016 – LINE Corporation has announced the start of its “LINE Security Bug Bounty Program,” in which users across the globe are invited to report vulnerabilities in the iOS and Android versions of the LINE app to receive cash rewards in return. The program is scheduled to run indefinitely.
LINE Security Bug Bounty Program Official Website URL
Ever since launch, LINE has implemented a series of stringent security measures, such as testing the security of new releases via a dedicated security team and engaging internal and external experts to address potential application vulnerabilities. As part of these efforts, LINE ran a “LINE Bug Bounty Program” for a limited time from August 24 to September 23, 2015, offering rewards to users who reported vulnerabilities they found in the LINE app during the program timeframe. As a result, 200*1 vulnerability reports were submitted from around the world, of which 15 were confirmed as newly reported bugs. All of the bugs were immediately patched, making a significant contribution towards improving the safety of LINE’s services*2.
*1: Total number of reports received including incomplete reports and general bug reports.
*2: Press release on the results of the previous programs: http://linecorp.com/en/pr/news/en/2015/1139
An additional bug was confirmed after the press release: http://linecorp.com/en/security/article/57
Based on these results and the knowledge and experience gained through the operation of the program, LINE Corporation concluded that offering cash rewards for vulnerability reports helps to ensure a safer and more secure service for users. For this reason, it decided to conduct the “LINE Security Bug Bounty Program”*3 for an indefinite period.
*3: The name of the program has been changed to clarify the purpose of the program.
The LINE Security Bug Bounty Program offers users rewards if they report security vulnerabilities in the latest versions of the iOS and Android versions of the LINE app as of June 2 (Version 6.3) which are later confirmed and investigated by LINE Corporation. Users’ names as well as the details of their reported vulnerabilities will be inducted into the Hall of Fame on LINE Corporation’s official website at https://bugbounty.linecorp.com/en/halloffame/, and cash rewards will be paid to reporting parties according to the nature and severity of the bugs reported. Public announcement of the bug details and payment of cash rewards will be made after the reported vulnerabilities have been fixed.
Users who report bugs that LINE Corporation is already aware of or bugs that have already been reported by others will not be given a reward. Finally, the scope of this program will be limited to LINE apps, and bugs reported for other LINE family apps and services will be ineligible for the LINE Security Bug Bounty Program. However, LINE Corporation will consider expanding its program to include other services in the future.
LINE Corporation will continue to take any measures possible to protect user privacy and strengthen its security measures in order to ensure the safest and most secure user experience possible.