Asian e-commerce giant Lazada launches first public bug bounty program

E-commerce platform Lazada has launched its first public bug bounty program with YesWeHack.

The website, which was founded in Singapore but serves countries across Southeast Asia, is offering up to $10,000 for successful vulnerability reports.

It comes after a previously private program, launched in January 2020, that has already paid out around $150,000 in rewards.

In a statement, Lazada said it hopes that the program will make a statement to the e-commerce industry, “highlighting the priority it places on security and transparency for its customers and partners”.

A detailed list of the vulnerabilities and applications that are in scope can be found on YesWeHack’s website.

Public offering

A spokesperson from YesWeHack told The Daily Swig that while there has been a recent uptake in bug bounty programs across Southeast Asia, they have mainly been available on an invite-only basis.

The spokesperson explained: “They are less willing to initiate public programs as it is not as common as in Europe and the United States.”

High-impact vulnerabilities such as remote code execution or any bug that can lead to financial losses for Lazada, its sellers, and customers are due a payout of $3,000, while ‘max critical’ bugs that could lead to a large-scale data leak are eligible for the maximum reward of $10,000.

“Lazada is, first and foremost, looking for vulnerabilities that could affect their customers’ privacy,” said YesWeHack.

Lazada is also looking for bugs that affect its business integrity or continuity, “although, any flaw that could demonstrate a direct impact on their security and their users would be handled with due consideration”.

Franck Vervial, head of cyber defense at Lazada, said: “By launching this latest public bug bounty program, we are sending a clear message to everyone, that we value the importance of data in our possession.

“We believe in the expertise of the YesWeHack community and are excited to continue to work with ethical hackers in identifying new attack methods and countering them.

“This is about protecting our data, protecting our employees, and protecting our customers against vulnerabilities.”

Source: https://portswigger.net/daily-swig/asian-e-commerce-giant-lazada-launches-first-public-bug-bounty-program
