The Pinterest bounty program is managed through Bugcrowd. To see the terms of the program and participate, go to https://bugcrowd.com/portal/bounties/pinterest and sign up as a tester. You will need to accept the Pinterest terms of service to engage in testing. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

Our guidelines

  • Give us enough details to reproduce the vulnerability
  • Allow us a reasonable amount of time to fix the vulnerability before making any info public
  • Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found
  • Don’t ask for compensation for your report

Our commitment

  • We’ll let you know we got your report
  • We’ll give you an estimate of how long the fix will take
  • We’ll tell you when we’ve fixed the vulnerability

Our thanks

If your vulnerability report is valid and you'd like to be recognized for your contribution, we’d love to add you to our Heroes of Pinterest list, by name or anonymously. Some reports are also eligible for swag.  If your report is eligible we would also like to send you a little something as a thank you—include your preferred shirt style, size, and mailing address in your report.
 

Heroes of Pinterest

The following researchers have helped us identify and fix vulnerabilities. Thanks to all!
  • Ashley Boxhall
  • Muhammad Shahmeer
  • Michael Henriksen
  • Kamil Sevi
  • Ali Hasan Ghauri
  • Juan Broullón
  • Gökmen Güreşçi
  • Luis Teixeira
  • Sahil Dhar
  • Manish Bhattacharya
  • Dan Melamed
  • Brendon Tiszka
  • Nishant Das Patnaik
  • Christian Galeone