Singapore: Southeast Asian online shopping store Lazada announces the launch and tech company YesWeHack collaborated on a new public bug bounty program after an 18 month private program created in January 2020.
Lazada worked with ethical hackers to know security vulnerabilities in its IT environment under the program and is now opening the program to the cybersecurity community. The e-commerce giant is offering security researchers up to US$10,000 per bounty.
Lazada worked with over 100 ethical hackers to surface vulnerabilities and gave over US$150,000 in bounties to security researchers. The company held a pre-launch event where hackers from the YesWeHack community identify vulnerabilities in 48 hours.
“Given the importance of data and personal information, Lazada takes great care in protecting our customers and we have worked to patch these vulnerabilities, to ensure a safe shopping platform. With the evolving nature of data security, as well as the aggressive nature of hackers who exploit technology to steal data, we believe in working with the larger cybersecurity community to strengthen our IT ecosystems,” said Alan Chan, Chief Risk Officer, Lazada Group.
“Since working with YesWeHack, we have improved our security by enhancing our Secure Software Development Process, to avoid the same type of vulnerability coming up again. It has been very useful to verify with the wider researchers that our security monitoring can catch exploitation of vulnerabilities.”
Lazada said it’s improving its transparency and security to its customers as it moves the areas they previously tested in the private program to a public program. Cybersecurity researchers globally will be able to participate in the program and report vulnerabilities to the online platform. Lazada will pay out up to US$10,000 to security researchers for every submitted report.