Alibaba's Lazada Launches Public Bug Bounty Program

Southeast Asian e-commerce platform Lazada on Thursday announced the launch of a public bug bounty program with YesWeHack.


Founded in 2012, the Singapore-based Lazada was acquired by Alibaba Group in 2016. In addition to the LazMall online store, the firm offers logistics, payment services, and retail technology solutions. Beyond Singapore, Lazada operates in Indonesia, Malaysia, the Philippines, Thailand, and Vietnam.


Since January 2020, the Alibaba-owned platform has been running a private bug bounty program that resulted in more than $150,000 being paid out in bug bounty rewards.


To further support the discovery of security vulnerabilities in its IT environment, Lazada is now opening the bug bounty program to YesWeHack’s entire community of approximately 23,000 ethical hackers.


Researchers interested in participating in the public bug bounty program could earn payouts of up to $10,000 for their findings, the company announced.


Lazada will pay special attention to critical and high-severity vulnerabilities that affect personal data, as these will be awarded the highest amounts.


“Participants are permitted to perform any tests and investigations on the systems, as long as they act in good faith and respect the scope and rules,” the bug bounty program’s page on YesWeHack said.


The company asks researchers to report identified vulnerabilities within 24 hours after discovery and to refrain from performing disruptive tests and from leaking or manipulating user data.


Interested researchers are encouraged to head over to the YesWeHack portal for additional information on the bug bounty program, including guidelines, vulnerability submission requirements, rewards, and more.

