Large companies abroad have long held a Bug Bounty , aka finding leaks from a company's IT system.
They invite anyone, hackers or amateurs, to directly look for leaks and system weaknesses.
The prize is quite large. Facebook once offered Rp. 142 million per security hole found.
Last 2018, there was a young man named Nosa from Bukir, Pasuruan City, who received a prize from Google of Rp. 111 million.
At that time he had discovered a security hole in Google that could harm the search engine.
In Indonesia, such a thing is very unusual, and now Gojek announced a Bug Bounty program to look for bugs or security holes in their servers, applications, sites, and backend services.
For this program, Gojek promises various prizes, ranging from around Rp. 1.4 million to US$5,000 (around Rp. 73 million).
According to Gojek's Chief Information Security Officer, George Do, that the Bug Bounty program was held to help identify vulnerabilities and reduce the possibility of cyber attacks, which may occur in the Gojek domain.
George Do also stated that the program gives hackers and ethical researchers access to test their programming intelligence and is given the opportunity to earn cash prizes in return.
This program can also strengthen Gojek Shield, a Gojek security technology that combines machine learning and artificial intelligence.
Gojek Shield is designed by a team with cybersecurity expertise with global experience, which combines various types of features.
For example, detection of fraud and illegal devices, advanced verification features, masking of phone numbers, emergency alert systems for consumers and partners, and ride-sharing features.
competition to find security holes is open to hackers and ethical researchers.
program Bug Bounty was held by Gojek in collaboration with HackerOne.
The condition is that hackers can first carry out individual testing and analysis to be sent via the HackerOne platform.
The vulnerability report found by the hackers and sent will then be evaluated by the HackerOne team by sending it to the Gojek Product Security team.
The amount of the prize will be determined based on the level of difficulty and the type of system security damage found.
The assessment process is carried out by Gojek with the following time division:
- First response - 2 days.
- Time to analyze the vulnerability level - 5 days.
- Time to determine the prize - 10 days.
- Time to give - varies, depending on the level of distress and severity specified.
Gojek's Bug Bounty Program can be studied further on the following HackerOne platform.
EmoticonEmoticon