Ride hailing service Ola has launched a bug bounty program where it will reward security researchers for finding vulnerabilities in its platform.
The program is ‘invite-only’ with Ola’s security team selecting known security researchers, but it will be opened up to everyone in the coming months.
Ola’s decision to involve external security researchers was prompted by the discovery of two big vulnerabilities on its platform this year.
The first involved the hacking of Ola Wallet by ethical hacker Shubam and the second was an attack on the company’s database with the hacker claiming to have got access to user details and credit card numbers.
At this point of time it isn’t know just how many security researchers Ola is reaching out to or how the company plans to reward them.
Update: Ola seems to have opened up the program to everyone and has listed down information about responsible disclosure and reward guidelines on its whitehat page. The company says the amount awarded is based on the severity, impact, complexity and the awesomeness of the vulnerability reported.
The minimum bounty amount is Rs 1,000 but there’s no upper limit. Ola says finding ‘awesome bugs’ might win you smartwatches, tablets, smartphones and other goodies. Further, only individuals are allowed to participate in the bounty program, so the company is still keeping the door closed to security agencies.