Secure Programming
2015.08.04
LINE implements countermeasures against application vulnerabilities, employing both external and in-house experts, including security inspections by a dedicated organization.
Security by design
At LINE, inspections are conducted by various specialized divisions prior to application disclosures or updates. One of these is the verification of application security by a dedicated security team. Details of the inspections are given below.
■ Vulnerability:
Inspections for the presence of security holes through program verification and automatic/manual simulated attacks
■ Excessive permission*:
Inspections of whether excessive permission has been granted for features offered by the application
* Here, the term refers to the authority the application demands from iOS, Android OS, etc.
■ Security design:
Inspections of the suitability of encryption strength, countermeasures against third-party account hijackings, unauthorized service behavior, etc.
By building in security measures from the stage of system design and configuration, LINE has built a security framework that enhances the stability and scalability of security levels and can deal flexibly with ever-changing risks.
Cooperation with external specialists and state-of-the-art information gathering
LINE has formed an across-the-board incident response team (LINE-CSIRT), composed chiefly of security teams, to implement advanced security measures and countermeasures. Furthermore, LINE is a member of the following organizations in order to cooperate with external parties and to access the latest information from outside the organization, so that it can continually assess technological changes as security threats continue to develop.
Nippon CSIRT Association: http://www.nca.gr.jp/member/line-csirt.html
FIRST: https://www.first.org/members/teams/line-csirt
Vulnerability reporting system
To further reinforce application security, LINE actively gathers knowledge not only within its organization but also from outside sources. As part of this effort, LINE has organized the "LINE Bug Bounty Program", under which rewards are paid to outside parties who have discovered vulnerabilities in LINE applications. For details of the vulnerability reporting system, please check here.