Grammarly Launches Public Bug Bounty Program

Grammarly, the popular service for checking grammar and spelling, this week announced the launch of a public bug bounty program. Grammarly has been running a private bug bounty program with HackerOne for more than a year. The program has nearly 1,500 participants and resulted in payouts totaling $50,000. The company has now decided to make its program public – also via HackerOne – and it’s prepared to pay up to $3,000 for critical vulnerabilities. However, Grammarly says it may pay bonuses for unusual hacks, and rewards could be higher than expected if a report leads its internal security team to discover a more severe issue. “Pricing is flexible, depending on the impact of the discovered vulnerability or for other instances such as a well-defined report or its automated version, which makes it easier to improve our internal testing framework,” Joe Xavier, VP of Engineering at Grammarly, told SecurityWeek.