via wptavern.com => original post link
Wordfence launched a bug bounty program today to provide financial incentive for security researchers reporting high risk vulnerabilities to the company’s program.
After researchers disclose vulnerabilities to Wordfence, the company triages them and confidentially discloses them to the vendors to fix. When the fix is released, the vulnerability will be included in Wordfence’s public database, which is free to access, following a responsible disclosure policy.
“There is no cap on the rewards an individual researcher can earn, and every single in-scope vulnerability received via our submissions process earns a reward bounty,” Wordfence security analyst Chloe Chamberland said.