GRAB, a Southeast Asian ride-hailing and mobile payments platform, on July 12 announced the launch of a public bug bounty programme which will bolster the platform’s security for its drivers and passengers.
Hackers are invited to identify security weaknesses on the Grab platform and receive up to US$10,000 in rewards.
The bug bounty programme opens up Grab’s existing private programme with HackerOne, a bug bounty and vulnerability disclosure platform provider, which has resolved nearly 200 vulnerabilities.
Building on the success of its private bug bounty programme, Grab’s public programme will invite HackerOne’s extensive global network of over 100,000 hackers to search for unknown security vulnerabilities.
Grab is the latest company to rely on HackerOne to improve security, joining General Motors, Twitter, Starbucks, Nintendo and over 800 other companies embracing continuous, hacker-powered security.
“Sophisticated and far-reaching security measures, such as those made accessible through HackerOne’s platform, are vital to earning the trust of our passengers and drivers,” said Grab director of engineering Ditesh Kumar. “We believe that no technology is perfect and that working with a diverse portfolio of skilled security researchers is crucial to building the safest technology possible.”
HackerOne is the most widely adopted bug bounty and vulnerability disclosure platform provider in the world. Bug bounty programmes are cost-effective and allow software-powered organisations to identify vulnerabilities in systems faster.
More than 50,000 security vulnerabilities have been resolved by more than 800 organisations on HackerOne globally, including Adobe, the US Department of Defense, GitHub, Intel, Slack, Qualcomm, and more.
“Working with the hacker community is an undeniably effective way to find security vulnerabilities,” said HackerOne CTO and founder Alex Rice.
“The launch of Grab’s public bug bounty programme signals their commitment to working with the largest hacker community to protect their over 45 million mobile customers.”
Grab will award hackers between US$100 and US$10,000 per valid vulnerability reported, depending on the impact and severity of the issue.