AT&T Communications recently celebrated its first anniversary on HackerOne, passing $1 million in payouts to more than 850 researchers worldwide.
The HackerOne program is a progression from AT&T’s previous, self-administered program, which offered a limited number of payouts each quarter. The new program covers a wider digital footprint for vulnerability discovery and places no restrictions on who can participate.
AT&T was one of the first communications firms to launch a bug bounty program of this scale.
“A bug bounty program is about trying to stay a step ahead – to discover problems before they can be misused,” said Reynaldo Candelario, principal – cybersecurity at AT&T. “Internal vulnerability scans and other internal mitigations are important. But continuous pressure testing from an external, creative community allows AT&T to cover even more ground with the resources we have.”
AT&T Communications is one of the world’s leading providers of communications and entertainment across TV, mobile and broadband. Its digital assets include websites, exposed APIs, mobile applications and devices like set-top boxes.
“Companies should be grateful for extra help finding bugs in their systems,” Candelario said. “Collaboration with the research community ultimately helps us deliver products and services that are more secure for the general public.”
AT&T plans to fine-tune the program this year, including quicker payouts and streamlined triage and mediation.
If you want to learn more about AT&T’s bug bounty program or want to submit a vulnerability report, visit https://hackerone.com/att.