We are pleased to announce that New Relic has partnered with HackerOne to help our users test for and alert our security team to discovered vulnerabilities. To help explain what we’re doing, we’ve created this brief FAQ:
What is your responsible disclosure program?
Our responsible disclosure program is a set of guidelines put forward by the security team at New Relic. These guidelines outline methods researchers can use to test for and report security issues to us in a responsible manner.
Why are you starting up a responsible disclosure program?
The more security bugs we find out about, the more bugs we can fix, and the more secure our product becomes.
Our user base is a very large, passionate, and technical group of people. With that many sharp eyes on our products every day, it is possible that bugs will be found from time to time. When these bugs manifest as security issues, we want to encourage users to report them to us via an appropriate channel, without fear of repercussions.
Furthermore, the security research community includes many individuals who routinely test for security vulnerabilities. This program will allow us to define a scope within which these researchers can responsibly test our systems, and help us encourage the discovery and remediation of as many vulnerabilities as possible.
What is HackerOne?
HackerOne is the leading platform for responsible disclosure and bug bounty programs, boasting industry-leading clients such as Yahoo!, Twitter, Adobe, Slack, and many more. The HackerOne platform allows us to host, triage, and respond to reports in an efficient and effective manner, helping New Relic provide the most secure product possible to our customers.
Is this a bug bounty program?
At this time, we are not awarding bounties or cash rewards for reported vulnerabilities. However, researchers will earn HackerOne Reputation based on the merit of reported vulnerabilities, which may help qualify them for private bug bounty programs.
How can I get started?
First, you’ll need to create a HackerOne profile. Then you’ll be able to read through our program rules at https://hackerone.com/newrelic and get started! That’s it.