Zomato increases bug bounty, to pay $4,000 for detection of a critical vulnerability

The severity of the bug detected would be determined by the Zomato security team on the basis of the Common Vulnerability Scoring System (CVSS) score

Food delivery company Zomato on Thursday announced an increase in bounties paid to those who can find bugs on its mobile and web platforms. Anyone who finds a bug of critical severity can get a maximum bounty of $4,000 (around INR 2.98 lakh).

Zomato has set four tiers of bounty ranges, awarded according to the severity of the vulnerability exposed. Detection of a low-severity threat would entitle a person to an amount in the range of $100 to $300. Those who find bugs in the medium and high categories would be awarded in the ranges of $300 to $1,000 and $1,000 to $2,000 respectively. The maximum bounty range of $2,000 to $4,000 will be awarded for the detection of a bug of critical severity.

“The Zomato Bug Bounty Program is a crucial part of our security efforts and we hope that this improvement will further motivate the hacker community. Thank you for your contribution to our program so far and we look forward to your reports!” it said in a statement on hackerone.com.

The severity of the bug detected would be determined by the Zomato security team on the basis of the Common Vulnerability Scoring System (CVSS) score, which would in turn determine the amount of bounty to be granted. A bug of critical severity with a CVSS score of 10.0 will be rewarded with $4,000, while a score of 9.5 in the same category will entitle the person to $3,000. Two-factor authentication is mandatory for any user who wishes to participate in the bug bounty programme.

The information was also tweeted by Yash Sodha, a security engineer at Zomato.

Meanwhile, Zomato’s much-awaited IPO worth Rs 9,375 crore will hit Dalal Street on July 14 at a price band of Rs 72-Rs 76.