As per Zomato's bug bounty programme, there is a range of rewards for each severity level
Zomato said that it will be using Common Vulnerability Scoring System (CVSS) to determine the severity of a vulnerability
Zomato has increased rewards for its bug bounty programme on Thursday. According to Zomato, an individual can win up to $4,000 ( ₹2.99 lakh) for finding the bug on its website or its mobile application.
"The Zomato Bug Bounty Program is a crucial part of our security efforts and we hope that this improvement will further motivate the hacker community. Thank you for your contribution to our program so far and we look forward to your reports!" the food delivery platform said in a statement.
As per Zomato's bug bounty programme, there is a range of rewards for each severity level. And, the progrmme requires two-factor authentication enabled to participate in.
Starting today, we’re increasing the rewards for @zomato's bug bounty program: $4,000 for critical, $2000 for high, and so on. We welcome your participation and look forward to your reports! Happy Hacking :) Find more details here: https://t.co/OSvNH1q6Mm
Zomato said that it will be using Common Vulnerability Scoring System (CVSS) to determine the severity of a vulnerability. The bounties will be calculated based on the exact CVSS score finalised by the Zomato Security team.
"For example, A critical vulnerability with CVSS 10.0 will be awarded $4,000; A critical vulnerability with CVSS 9.5 will be awarded $3,000 and so on," Zomato said in a statement.
The food ordering platform also promised to pay more for unique and hard-to-find bugs. Besides, it may pay less for bugs with complex prerequisites that lower the risk of exploitation.