"Like other major tech players have been doing as of late, we're tapping some of the most talented security researchers as a proactive and precautionary measure – in addition to our dedicated developer and security teams – to ensure not only the security of our site but that of our users, which is paramount to us," said PornHub Vice President Corey Price.



"The brand new program provides some of our developer-savvy fans a chance to earn some extra cash – upwards to $25K – and the opportunity to be included in helping to protect and enhance the site for our 60 Million daily visitors."

How to Earn $25,000 Reward

Be the first to report a security bug directly related to the company infrastructure.

Send a description of your bug report, explaining the type of vulnerability and how it works.

Include screenshots and proof of concept code to substantiate your claim.

Disclose your finding directly and exclusively with Pornhub.

With the growing number of cyber attacks and data breaches, a significant number of companies and organizations have started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get a reward.Now, even pornography sites are starting to embrace bug bounty practices in order to safeguard its user's security.The world's most popular pornography sitehas launched a bug bounty program for security researchers and bug hunters who can find and report security vulnerabilities in its website.Partnered with HackerOne, PornHub is offering to pay independent security researchers and bug hunters between $50 and $25,000, depending upon the impact of vulnerabilities they find.HackeOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the United States Department of Defense for Hack the Pentagon initiative.To qualify for a bounty reward, security researchers and bug hunters must meet the following requirements:The company is currently considering serious flaws that could compromise its server and entire website.Vulnerabilities such as cross-site request forgery (CSRF), information disclosure, cross domain leakage, XSS attacks via Post requests, HTTPS related (such as HSTS), HttpOnly and Secure cookie flags, missing SPF records and session timeout will not be considered for the bounty program.The bounty program has currently been in a beta phase, with the company extending it via invite only. You can read complete eligibility for the bounty program on HackerOne website