Food delivery company Zomato is about to launch an IPO soon. The food delivery platform, which is in the news due to the IPO, on Thursday increased the reward on its bug bounty program. If a person detects any kind of bug in Zomato’s app or website, then he can win up to $ 4,000 (i.e. around 3 lakhs). In a statement available on HackerOne, the company said that Zomato’s bug bounty program is an important part of our security efforts and we hope increasing the rewards will further motivate hacker groups.
This statement was tweeted by Yash Sodha, a security engineer at Zomato. Sodha tweeted that starting today we are increasing rewards for Zomato’s bug bounty program: $4,000 for critical bug finders and $2000 for higher bugs, and so on for other bugs.
read this also:- Amazon’s biggest sale will start on July 26, will get tremendous discounts on more than 300 products
Starting today, we’re increasing the rewards for @zomato‘s bug bounty program: $4,000 for critical, $2000 for high, and so on. We welcome your participation and look forward to your reports! Happy Hacking 🙂 Find more details here: https://t.co/OSvNH1q6Mm
— Yash Sodha (@y_sodha) July 8, 2021
These parameters set for the reward
Zomato’s security team will use the Common Vulnerability Scoring System (CVSS) to decide the severity of the damage. Based on which the final reward will be calculated. The more serious the threat, the higher the reward for the hacker. Zomato has divided the threats into low, medium, critical and high categories. With CVSS 10.0, the user will be rewarded $4,000 if the threat is critical. At the same time, with CVSS 9.5, the user will be awarded $3,000 for detecting the threat.
read this also:- Big news for BSNL customers, now you can spend less than Rs 50 to get the benefit of 10GB data, free calling and SMS
Two Factor Authentication has to be enabled to participate in Zomato’s bug bounty program. Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan systems for bugs or vulnerabilities through which hackers can sneak into companies and alert them.