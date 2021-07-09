Home

    • Zomato will pay Rs 3 lakh if you find a security gap on its app or website

    Zomato will pay Rs 3 lakh if you find a security gap on its app or website

    By CNBCTV18.com | IST (Published)
    Zomato will use the Common Vulnerability Scoring System (CVSS) to assess the severity of the vulnerability.

    Zomato will pay Rs 3 lakh if you find a security gap on its app or website
    India’s leading food delivery platform Zomato has announced a reward of up to Rs 3 lakh ($400) if anyone can find a critical vulnerability on the company's app or website.
    The tweet by Zomato’s security engineer Yash Sodha said, “Starting July 8, we’re increasing the rewards for @zomato's bug bounty program: $4,000 for critical, $2000 for high, and so on. We welcome your participation and look forward to your reports! Happy Hacking :).
    "The Zomato Bug Bounty Program is a crucial part of our security efforts and we hope that this improvement will further motivate the hacker community. Thank you for your contribution to our program so far and we look forward to your reports!" Zomato's statement read.
    Zomato will use the Common Vulnerability Scoring System (CVSS) to assess the severity of the vulnerability. A critical vulnerability with CVSS 10.0 will be awarded $4,000, while a vulnerability with CVSS 9.5 will be awarded $3,000. Zomato's bug bounty programme requires two-factor authentication enabled to participate in.
    Fixing bugs and rewarding ethical hackers has become common for biggies like FAANG and Microsoft. FAANG, an acronym for Facebook, Amazon, Apple, Netflix, and Google (Alphabet Inc), frequently announces rewards programs for anyone who can identify and fix bugs.
    In the recent past, Amazon Web Services (AWS) rolled out the world’s first global competition for Java and Python developers to collectively fix one million bugs.
    Alphabet Inc’s Google had also announced rewards worth Rs 7 crore for any tech developer who could find any bug or vulnerability in their Android 12 software.
