Story image

Skyscanner opens up bug bounty for interested hackers

31 Jan 2019

It’s often said the best way to strengthen your defences is to test them externally, and what better way than to pay people to attack you?

That’s what crowdsourced security platform Bugcrowd announced will now be happening with global travel search company Skyscanner as it takes its bug bounty program public.

Coming on the back of the success of its private program that rewarded more than 200 vulnerabilities, Skyscanner’s public program is now open to Bugcrowd’s full Crowd of trusted whitehat hackers.

These hackers can benefit from up to US$2,000 per vulnerability identified on its website, API, and mobile apps.

“Keeping data safe and secure is a top priority and a core company value for us at Skyscanner. We welcome the contribution of external security researchers and look forward to rewarding them for their invaluable contribution to the security of Skyscanner,” says Skyscanner CISO Ante Gulam.

“We are excited to extend the success of our private bug bounty program, taking this program public to further strengthen our security posture and improve our services.”

Bugcrowd is confident Skyscanner will now be able to identify and remedy vulnerabilities faster, which is increasingly important given shorter deployment cycles, increased deployment frequency, and faster time to market.

The company (Bugcrowd) already boasts hundreds of big name customers wanting to be ‘attacked’, including Atlassian, HP, Mastercard and Tesla.

“Security is becoming a real market differentiator for companies. Today, consumers are not just considering security when making buying decisions, they’re demanding it,” says Bugcrowd CEO Ashish Gupta.

“In times of high-profile attacks and breaches in the travel industry, there has never been a more important time to take security seriously. Skyscanner is leading the industry when it comes to security, having run a private crowdsourced security program for the last few years. Taking their program public today further demonstrates that security is an essential and highly-ingrained part of their business as well as their commitment to their customers.”

Story image
12 Dec
Forecast: Ecosystm’s top 6 cybersecurity trends for 2020
Increasing use of cloud platforms and mobile devices, coupled with data sharing and a rise in online commerce, means businesses and their customers have never been more exposed to cyber threats.More
Story image
09 Dec
Trend Micro leads market share for hybrid cloud security - IDC
Software-defined compute technologies are often used in the context of public or private clouds, but can also be implemented in non-cloud environments.More
Story image
14 Nov
NordVPN launches encryption tool, password manager to come
A free version of NordLocker is available which gives users 5GB of encrypted data, while premium users can encrypt unlimited amounts of data. More
Story image
13 Dec
FireEye rolls out threat intelligence platform for industrial systems
Now industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes, can be secured from cyber threats.More
Story image
14 Nov
Lack of PCI DSS compliance putting payment security at risk
Organisations across Asia Pacific are demonstrating stronger payments security compliance compared to other parts of the world, however global trends indicate that payments security compliance has dropped for the second year in a row.More
Story image
12 Dec
StorageCraft report suggests firms need a 'ransomware reality check'
68% of respondents have a ransomware recovery plan, yet almost a quarter (23%) don’t test those plans, and 46% test them once a year or less.More