A new chapter for Plaid’s bug bounty program

What's this blog post about?

Plaid, a financial services product used by millions of consumers, has doubled its bug bounty rewards starting October 2021 as part of Cybersecurity Awareness Month. The company first launched the program on HackerOne in November 2016 and has since received hundreds of reports across its product portfolio, paying out dozens of bounties from low to high severity. Plaid's bug bounty program is a crucial part of its security strategy, which also includes upfront security reviews, threat modeling, automated scanning, periodic penetration testing, and a well-formed security strategy. The company has paid $22,500 in total bounties so far, with the highest reward being $2,500 for a critical vulnerability. Alongside the increased rewards, Plaid has also made minor updates to its SLAs, program rules, and program scope.

Company
Plaid

Date published
Oct. 28, 2021

Author(s)
Mahesh Kukreja

Word count
340

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.