Asian e-commerce giant Lazada launches first public bug bounty program

Jessica Haworth

14 June 2021 at 13:45 UTC

Updated: 15 June 2021 at 07:32 UTC

Popular online shopping platform is offering up to $10k for ‘max critical’ vulnerabilities

E-commerce platform Lazada has launched its first public bug bounty program with YesWeHack.

The website, which was founded in Singapore but serves countries across Southeast Asia, is offering up to $10,000 for successful vulnerability reports.

It comes after a previously private program, launched in January 2020, that has already paid out around $150,000 in rewards.

In a statement, Lazada said it hopes that the program will make a statement to the e-commerce industry, “highlighting the priority it places on security and transparency for its customers and partners”.

A detailed list of the vulnerabilities and applications that are in scope can be found on YesWeHack’s website.

Public offering

A spokesperson from YesWeHack told The Daily Swig that while there has been a recent uptake in bug bounty programs across Southeast Asia, they have mainly been available on an invite-only basis.

The spokesperson explained: “They are less willing to initiate public programs as it is not as common as in Europe and the United States.”

High-impact vulnerabilities such as remote code execution or any bug that can lead to financial losses for Lazada, its sellers, and customers are due a payout of $3,000, while ‘max critical’ bugs that could lead to a large-scale data leak are eligible for the maximum reward of $10,000.

“Lazada is, first and foremost, looking for vulnerabilities that could affect their customers’ privacy,” said YesWeHack.

Lazada is also looking for bugs that affect its business integrity or continuity, “although, any flaw that could demonstrate a direct impact on their security and their users would be handled with due consideration”.

Franck Vervial, head of cyber defense at Lazada, said: “By launching this latest public bug bounty program, we are sending a clear message to everyone, that we value the importance of data in our possession.

“We believe in the expertise of the YesWeHack community and are excited to continue to work with ethical hackers in identifying new attack methods and countering them.

“This is about protecting our data, protecting our employees, and protecting our customers against vulnerabilities.”
