The programme launched today in an early phase in which researchers can report bugs through managed bounty service Bugcrowd, although cash rewards are not yet on offer.
Security engineer Paul Moreno said the site, valued in May at $5 billion, hosted events where its dedicated in-house teams competed to crush bugs.
"We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners," Moreno said in a post.
"Even with these precautions, bugs get into code ... starting today, we’re formalising a bug bounty programme with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9000 security researchers on the Bugcrowd platform."
The Bugcrowd deal was a "first step" that would evolve into a paid cash programme that Moreno expected would result in a more efficient disclosure process.
Detailed public Pinterest bug reports appear to be scarce. In February 2012, security researcher Shadab Siddiqui disclosed to Softpedia cross-site scripting, iframe injection and SQL injection flaws that he said could allow user accounts to be hijacked. Pinterest plugged the holes shortly after.