announcements

Auth0 Launches Bug Bounty Program

Private program reinforces company’s strong security ethos

BELLEVUE, Wash., Oct. 1, 2019 -- Auth0, a global leader in Identity-as-a-Service (IDaaS), today announced the launch of a private bug bounty program to further reinforce its emphasis on security and ensure that its customers are protected from any vulnerabilities.

The private bug bounty is a specialized program that will allow Auth0's security team to partner with selected researchers to source potential vulnerability discoveries in exchange for monetary rewards. The bug bounty will be run on Bugcrowd and will expand the company's current Responsible Disclosure Program, which is already in place.

"We take the privacy and protection of our customers' data very seriously and are dedicated to investing the time and resources into ensuring we adhere to the highest standards," said Joan Pepin, CISO and VP of Operations at Auth0. "Our security program is maturing rapidly, and the launch of this bug bounty program reinforces our dedication to our customers and the highest level of security we offer them."

Bugcrowd will select and invite security researchers registered on its platform based on skills and experience. Each report verified by Bugcrowd's Application Security Engineer team will be then sent to the Auth0 Product Security team to assess the severity of the finding, assign the researcher a monetary reward, move the issue to its internal vulnerability database, and work with relevant Product and Engineering teams towards remediation.

"Bugcrowd deploys a global Crowd of diverse, creative, and highly-skilled security researchers to identify and solve security challenges," said Ashish Gupta, CEO at Bugcrowd. "The result is our ability to provide highly specialized security expertise to the high caliber of companies we work with. We are really excited to be supporting the launch of Auth0's Bug Bounty Program and serve as an extension of its security team."

The program is launching with approximately 25 global researchers who have been identified and invited by Bugcrowd, and will increase in number later this year.

Auth0 is a trusted security partner to its customers and has achieved certification for many important compliance regulations, including HIPAA, SOC 2 Type II, ISO 27001, ISO27018, and more. Please visit Auth0 Security for more information.

About Auth0

Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.

Media Contacts

Jeana Tahnk
Corporate Communications
Auth0
jeana.tahnk@auth0.com

Meghan Gardner
Matter for Auth0
auth0@matternow.com