Food delivery platform Zomato announced on 15th July 2021 that it has increased the bounties in its Bug Bounty Program across severity levels. According to Zomato, depending on the severity of the vulnerability, an individual can earn up to $4,000 (Rs. 2.99 lakh) for discovering a bug on its website or mobile application.
“The Zomato Bug Bounty Program is a crucial part of our security efforts and we hope that this improvement will further motivate the hacker community. Thank you for your contribution to our program so far and we look forward to your reports!” the food delivery platform said in a statement.
The company’s security team will use the Common Vulnerability Scoring System (CVSS) to determine the severity of each vulnerability, and rewards will be paid according to the CVSS score the team assigns. A critical vulnerability with a CVSS score of 10.0 will receive $4,000, a critical vulnerability with a CVSS score of 9.5 will receive $3,000, and so on.
According to Zomato, participation in the program requires the use of two-factor authentication. Zomato also promised to pay more for bugs that are rare or unusual. Furthermore, vulnerabilities with complex requirements that reduce the likelihood of exploitation may be paid less.