sb-as logo
Story image

Skyscanner opens up bug bounty for interested hackers

31 Jan 2019

It’s often said the best way to strengthen your defences is to test them externally, and what better way than to pay people to attack you?

That’s what crowdsourced security platform Bugcrowd announced will now be happening with global travel search company Skyscanner as it takes its bug bounty program public.

Coming on the back of the success of its private program that rewarded more than 200 vulnerabilities, Skyscanner’s public program is now open to Bugcrowd’s full Crowd of trusted whitehat hackers.

These hackers can benefit from up to US$2,000 per vulnerability identified on its website, API, and mobile apps.

“Keeping data safe and secure is a top priority and a core company value for us at Skyscanner. We welcome the contribution of external security researchers and look forward to rewarding them for their invaluable contribution to the security of Skyscanner,” says Skyscanner CISO Ante Gulam.

“We are excited to extend the success of our private bug bounty program, taking this program public to further strengthen our security posture and improve our services.”

Bugcrowd is confident Skyscanner will now be able to identify and remedy vulnerabilities faster, which is increasingly important given shorter deployment cycles, increased deployment frequency, and faster time to market.

The company (Bugcrowd) already boasts hundreds of big name customers wanting to be ‘attacked’, including Atlassian, HP, Mastercard and Tesla.

“Security is becoming a real market differentiator for companies. Today, consumers are not just considering security when making buying decisions, they’re demanding it,” says Bugcrowd CEO Ashish Gupta.

“In times of high-profile attacks and breaches in the travel industry, there has never been a more important time to take security seriously. Skyscanner is leading the industry when it comes to security, having run a private crowdsourced security program for the last few years. Taking their program public today further demonstrates that security is an essential and highly-ingrained part of their business as well as their commitment to their customers.”

Story image
Acronis expands global data centre network, including new facilities in NZ
The expansion ensures that the full range of Acronis Cyber Protection Solutions will be available to partners and organisations around the world.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Radware launches DDoS protection for online gaming
“Online games are a massive, multi-billion-dollar industry, but they frequently fall victim to powerful and targeted DDoS attacks,"More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More