Reward for finding bug in Zomato.
Friday, 9th July 2021
As part of the bug bounty program, Zomato has brought in ethical hackers and security researchers to find vulnerabilities in its websites and applications. Zomato noted that its security team will use the Common Vulnerability Scoring System (CVSS) to determine the severity of each vulnerability. The more severe the vulnerability, the larger the cash reward the hacker will get. Zomato classifies vulnerabilities as low, medium, severe, and high.
"For example, a severe vulnerability with CVSS 10.0 will receive $4,000; a severe vulnerability with CVSS 9.5 will receive $3,000, and so on," Zomato said in a statement.
Zomato’s bug bounty program requires two-factor authentication to be enabled to participate.
Zomato pointed out that it has increased its reward for finding errors in its system to 4,000 US dollars, which is almost 299,000 rupees. "We attach great importance to the safety of Zomato and are committed to protecting our community. If you are a security researcher or expert and believe that you have discovered a security-related issue with the Zomato website or application, we will thank you for responsibly disclosing the information to us in a timely manner," Zomato pointed out on HackerOne.
In recent years, ethical hackers or bug bounty hunters have emerged to help technology companies find vulnerabilities in their systems. Bug bounty hunters are mostly certified network security professionals or security researchers. They crawl networks and scan systems for vulnerabilities or defects that hackers could use to sneak in, and alert the companies to them. If they succeed, they receive a cash reward. Tech giants such as Facebook and Microsoft run bug bounty programs to reward bounty hunters and improve their systems.
"The Zomato bug bounty program is an important part of our security work, and we hope this improvement will further inspire the hacker community. Thank you for your contribution to our program so far, and we look forward to your report!" the food delivery platform said in a statement.
Zomato stated in its disclosure policy that hackers or bounty hunters should notify the company as soon as possible after discovering a potential security issue, and should give Zomato sufficient time to resolve the issue and ensure that privacy and data have not been breached before disclosing it to a third party. Zomato also noted that some of its Android mobile apps may be eligible for additional rewards through the Google Play Security Rewards program (https://hackerone.com/googleplay).
The News Talkie Bureau
Source: India Today