With a new year come new plans and new goals. Security is always an essential topic for us at Showmax for several reasons — you can read more about that here. In this post, we discuss the many ways we work to provide high-level security for our users. Part of that plan was temporarily increasing bounties for vulnerabilities found in one specific, highly important part of our business.
It’s no secret that Showmax has been successfully running a public bug bounty program on the HackerOne platform. While we have received useful insights from talented researchers, there was always one challenge. Even though it’s free to create an account on the Showmax platform, the service itself is not available worldwide. Additionally, there are differences among markets, different content, different payment methods, and more. Taking availability and market differences into account, most security researchers can access only part of the whole Showmax experience.
Recently, we removed this obstacle for researchers who have already successfully participated in our program. Provided that you had previously submitted a valid report to us on the HackerOne platform, you could have applied to get access to test accounts that had geolocation override settings set up. And of course, you would get the test accounts with promo codes to activate Showmax subscription to test all of our features.
A core Showmax feature — and one of the most important areas of our business — is secure streaming. To encourage security researchers to focus more on that specifically, we offered an increased $2000 bounty for researchers who could find a way to stream premium content for free. What we were looking for was the ability to stream — for free — content that should have been available only to paying subscribers.
Looking at the numbers, we are very happy with the results. In fact, we received 20% more reports year-on-year. On top of that, many of the issues reported were valid and we are already working to eliminate them. We want to give a big THANK YOU to all of the security researchers who contributed.