Zomato has put up a reward of up to Rs.3Lakh for anyone who finds a bug in their app or website.
Zomato has called forth security researchers and ethical hackers to find bugs in its website and apps as part of its bug bounty programme. Zomato noted that its security team will decide the severity of a vulnerability using the Common Vulnerability Scoring System (CVSS). The more severe a vulnerability, the more bounty or cash reward a hacker will receive. Zomato has categorised the vulnerability ties into low, medium, critical and high.
“For example, A critical vulnerability with CVSS 10.0 will be awarded $4,000; A critical vulnerability with CVSS 9.5 will be awarded $3,000 and so on,” Zomato said in a statement.
Zomato’s bug bounty programme requires two-factor authentication enabled to participate in.
Bug bounty hunters or ethical hackers have emerged in the past few years that help tech companies find loopholes in their system. Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan the systems for bugs or flaws through which hackers can sneak in and alert the companies. If they are successful, they are rewarded with cash. Tech giants like Facebook and Microsoft organise bug bounty programmes rewarding their bounty hunters to help improve their system.
Zomato in its disclosure policy noted that the hackers or bounty hunters should inform the company as soon as possible after discovering a potential security issue, and should also give Zomato enough time to resolve the issue before disclosure to a third party and to ensure that privacy and data is not violated. Zomato has also noted that some of its Android mobile apps may qualify for an additional bounty through the Google Play Security Rewards Program. (https://hackerone.com/googleplay).
(Source: Business Today)
