Southeast Asian e-commerce platform Lazada on Thursday announced the launch of a public bug bounty program with YesWeHack.
Founded in 2012, the Singapore-based Lazada was acquired by Alibaba Group in 2016. In addition to the LazMall online store, the firm offers logistics, payment services, and retail technology solutions. In addition to Singapore, Lazada operates in Indonesia, Malaysia, the Philippines, Thailand, and Vietnam.
Since January 2020, the Alibaba-owned platform has been running a private bug bounty program that resulted in more than $150,000 being paid out in bug bounty rewards.
To further support the discovery of security vulnerabilities in its IT environment, Lazada is now opening the bug bounty program to YesWeHack’s entire community of approximately 23,000 ethical hackers.
Researchers interested in participating in the public bug bounty program could earn payouts of up to $10,000 for their findings, the company announced.
Lazada will pay special attention to critical and high-severity vulnerabilities that affect personal data, as these will be awarded the highest amounts.
“Participants are permitted to perform any tests and investigations on the systems, as long as they act in good faith and respect the scope and rules,” the bug bounty program’s page on YesWeHack said.
The company asks researchers to report identified vulnerabilities within 24 hours after discovery, to refrain from performing disruptive tests, and from leaking or manipulating user data.
Interested researchers are encouraged to head over to the YesWeHack portal for additional information on the bug bounty program, including guidelines, vulnerability submission requirements, rewards, and more.
Related: Reddit Launches Public Bug Bounty Program
Related: Facebook Announces Payout Guidelines for Bug Bounty Program
More from Ionut Arghire
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
Latest News
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- CISA Adds Experts to Cybersecurity Committee, Updates Baseline Security Goals
- Malware Trends: What’s Old is Still New
- Burnout in Cybersecurity – Can it be Prevented?
- Spain Needs More Transparency Over Pegasus: EU Lawmakers
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Virtual Event Today: Supply Chain & Third-Party Risk Summit
- Google Suspends Chinese Shopping App Amid Security Concerns
