Bug Hunter Camp 2025
2025-07-09 02:58:56

Cybozu Celebrates a Decade of Vulnerability Reward Program with Bug Hunter Camp 2025

Overview of Cybozu's Vulnerability Reward Program


Cybozu Inc., headquartered in Chuo-ku, Tokyo, is celebrating the tenth anniversary of its vulnerability reward program. From July 5 to July 7, 2025, Cybozu will hold the fifth edition of the "Bug Hunter Camp," where security experts from outside the company report vulnerabilities in products such as kintone and Garoon in real time. During this event, a total of 61 vulnerabilities were reported, with 39 confirmed as valid, showcasing the effectiveness of this program in improving security.

What is the Bug Hunter Camp?


The Bug Hunter Camp is an intensive event lasting three days where external security researchers, known as bug hunters, report vulnerabilities. The Cybozu Product Security Incident Response Team (Cy-PSIRT) assesses and verifies these vulnerabilities. This event, which began in 2014, focuses on collaboration between the company's employees and bug hunters to enhance product safety. This year, innovative measures, including introducing a "fever time" where scores for specific products were significantly increased, were implemented to encourage more vulnerability reporting.

Details of Bug Hunter Camp 2025 and Results


  • - Event Dates: July 5-7, 2025
  • - Location: Maholova Minds Miura, Kanagawa Prefecture
  • - Format: Team competition (Prizes awarded to the team with the highest vulnerability verification score, with rewards distributed to individual hunters)
  • - Products Targeted: kintone AI, kintone Wide Course, and Garoon (package version)
  • - Number of Bug Hunters: 8 participants (2 teams of 4)
  • - Total Vulnerabilities Reported: 61
  • - Confirmed Vulnerabilities: 39 (Subject to change as post-event evaluations are conducted)
  • - Total Reward Amount: To be finalized after post-event evaluations (Individual rewards range from 10,000 JPY to 2 million JPY per vulnerability)

Overview of Cybozu's Vulnerability Reward Program


Cybozu's vulnerability reward program started in November 2013, when the company hosted its first-ever vulnerability discovery contest. Following this, in June of the following year, they established the continuous vulnerability reporting reward program. Over the years, this initiative has gained recognition and has been held annually. From 2015 to 2024, a total of 1,941 vulnerabilities have been reported, with 784 confirmed. The total amount of rewards distributed has reached approximately 74 million JPY.

Through initiatives like the Bug Hunter Camp and the vulnerability reward program, Cybozu aims to foster interest in vulnerability discovery while continually improving the quality of its products.
For more information, visit the Cybozu Vulnerability Reward Program page: Cybozu Bug Bounty


画像1

画像2

Topics Business Technology)

【About Using Articles】

You can freely use the title and article content by linking to the page where the article is posted.
※ Images cannot be used.

【About Links】

Links are free to use.