Netflix has had a vulnerability disclosure program since 2013. Over the past five years, the program expanded in both scope and bounty size, including a $15,000 payout on an unspecified critical vulnerability.
That amount will continue to be the monetary ceiling for bounties under the public program.
The decision to go public opens up the service to any vulnerability hunter signed up with Bugcrowd. That means the California-based streaming service joins everyone from the U.S. military to Mastercard and Twilio in launching a public bug bounty program.
Last month, Bugcrowd took in a $26 million round of funding after opening new offices in London and Sydney.
Merely having a bounty program is rarely enough. In a climate where security researchers and journalists have been targeted by litigious tech firms, companies are finding new ways to improve their programs.
For instance, Dropbox revamped their vulnerability disclosure process to protect researchers from litigation, pressing other companies to do the same.