Story image

Skyscanner opens up bug bounty for interested hackers

31 Jan 2019

It’s often said the best way to strengthen your defences is to test them externally, and what better way than to pay people to attack you?

That’s what crowdsourced security platform Bugcrowd announced will now be happening with global travel search company Skyscanner as it takes its bug bounty program public.

Coming on the back of the success of its private program that rewarded more than 200 vulnerabilities, Skyscanner’s public program is now open to Bugcrowd’s full Crowd of trusted whitehat hackers.

These hackers can benefit from up to US$2,000 per vulnerability identified on its website, API, and mobile apps.

“Keeping data safe and secure is a top priority and a core company value for us at Skyscanner. We welcome the contribution of external security researchers and look forward to rewarding them for their invaluable contribution to the security of Skyscanner,” says Skyscanner CISO Ante Gulam.

“We are excited to extend the success of our private bug bounty program, taking this program public to further strengthen our security posture and improve our services.”

Bugcrowd is confident Skyscanner will now be able to identify and remedy vulnerabilities faster, which is increasingly important given shorter deployment cycles, increased deployment frequency, and faster time to market.

The company (Bugcrowd) already boasts hundreds of big name customers wanting to be ‘attacked’, including Atlassian, HP, Mastercard and Tesla.

“Security is becoming a real market differentiator for companies. Today, consumers are not just considering security when making buying decisions, they’re demanding it,” says Bugcrowd CEO Ashish Gupta.

“In times of high-profile attacks and breaches in the travel industry, there has never been a more important time to take security seriously. Skyscanner is leading the industry when it comes to security, having run a private crowdsourced security program for the last few years. Taking their program public today further demonstrates that security is an essential and highly-ingrained part of their business as well as their commitment to their customers.”

Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.