2017.04.10 LINE App
Tokyo – April 10, 2017 – LINE Corporation has announced that it is expanding the scope of its “LINE Security Bug Bounty Program,” in which users across the globe are invited to submit vulnerabilities in its services to receive cash rewards in return.
LINE Security Bug Bounty Program Official Website
LINE is continuously implementing stringent security measures, such as testing the security of new releases via a dedicated security team and engaging internal and external experts to address potential application vulnerabilities. As part of these efforts, LINE ran a “LINE Bug Bounty Program” for a limited time from August 24 to September 23, 2015, offering rewards to users who reported vulnerabilities they found in the LINE app (iPhone/Android) during the program timeframe.*1 As a result, on June 1. 2016 LINE changed the name to “LINE Security Bug Program,” scheduled it to run indefinitely, and has been running it ever since.*2 From inception through the end of March 2017, the “LINE Security Bug Program” has received 133 submissions, and 5 issues (from 3 participants) have been identified as vulnerabilities as outlined in the Program. Though the submissions were outside the scope of the Terms of Service, a further 16 participants have been recognized as “special contributors” due to their provision of valuable information that contributed to improving the security of LINE services.
*1: Press release announcement: https://linecorp.com/en/pr/news/en/2015/1050
*2: Press release announcement: https://linecorp.com/en/pr/news/en/2016/1370
From today, LINE is expanding the scope of the “LINE Security Bug Bounty Program” to include the Chrome and Windows 10 Mobile versions of the LINE app, as well as the LINE STORE, LINE NEWS, LINE MUSIC and LINE LIVE websites. As of this announcement, LINE will screen submissions for eligibility and, if recognized as a vulnerability, fix the bugs and finally provide a report. LINE will continue to evaluate adding further services to the scope of this program going forward.
LINE Corporation will continue to take any measures possible to protect user privacy and strengthen its security measures in order to ensure the safest and most secure user experience possible.
What is the LINE Security Bug Bounty Program?
The LINE Security Bug Bounty Program offers users rewards if they report security vulnerabilities in services falling under its scope (the latest versions of the LINE app and each website) which are later confirmed and investigated by LINE Corporation. Users’ names as well as the details of their reported vulnerabilities will be inducted into the Hall of Fame on LINE Corporation’s official website at https://bugbounty.linecorp.com/halloffame/, and cash rewards will be paid to reporting parties according to the nature and severity of the bugs reported.
Please see the following for further details: