BuycPanel Blog


1/23/2014 – cPanel Delivers Security Bounty Program

Posted by Jamison on 23 01 2014.

cPanel aims to extend benefits to every user of its system. One of the best ways to do so is to ensure that every program runs as intended on solid systems with high-caliber security. With this in mind, cPanel introduced the Security Bounty Program for security researchers who help find problems within the system.


Reward eligibility


A researcher must meet the eligibility conditions before receiving a reward. First, they should follow the disclosure principles. Second, rewards are limited to specific software, such as the main cPanel and WHM platform, EasyApache, and third-party applications and customizations used by those programs. Other software, such as third-party programs that are only integrated with the system, is not included in the reward program.


Following certain protocols


Besides concentrating on the covered types of software, people taking part in the program must follow certain protocols. These include reporting to a specific department or group. Reporting the issue to other entities within cPanel will make the person ineligible for the reward.


How the assessment occurs


cPanel’s security team will take note of the report and perform an initial assessment. They will then follow up with the reporter regarding the report and solutions to the problem. The reporter is expected to respond in a timely manner.


After the assessment, the security team will apply the appropriate fixes and distribute them to clients. From there, the company will determine the payment terms and give the reward to the rightful individuals once the assessment process is complete.


All about confidentiality


The goal of the company is to ensure that every cPanel user is free from potential risks that may affect their systems. Most of the time, simple risks may cause a great deal of trouble for users and even compromise their accounts. A compromised account also affects that user's own customers.


cPanel expects every researcher working on its systems to share the same goal. All information about a potential vulnerability must remain between the Security Team and the researcher until the experts have solved the problem.


Breaching security issues


It’s essential for researchers to keep the details to themselves. Leaking the issue or discussing it with anyone enables everyone to take advantage of the situation. Even if the researcher only gives a hint about the problem, they will find themselves ineligible for the bounty reward program.


Working from the inside out


Most of the time, cPanel users may not see this program as beneficial to them, since it is a reward designed for security researchers. However, knowing that more people will be reminded of the company’s goal will certainly guarantee security for clients.


Next, knowing that researchers are committed to security enhancements will ensure that your server and site will be free from potential security problems.


The Security Reward Bounty is not only a reward system for discovering inconsistencies. It is also a way of acknowledging the experts’ commitment to fixing security issues, which will work towards the benefit of everyone using cPanel and its related software.