Southeast Asia eCommerce platform Lazada launches public bug bounty program with YesWeHack
PR90032
SINGAPORE, June 10, 2021 /PRNewswire=KYODO JBN/ --
Focused on vulnerabilities of personal data, Lazada will pay out up to
US$10,000 in rewards to ethical hackers
Southeast Asia's leading eCommerce platform Lazada announces the launch of a
public bug bounty program with YesWeHack to identify vulnerabilities, after
running a successful 18 month-long private program. Since January 2020, Lazada
has been working with ethical hackers to detect security vulnerabilities in its
IT environment as part of a private bug bounty program, and is now opening the
program to the entire cybersecurity community.
With the launch of this public Bug Bounty program, Lazada is making a statement
to the eCommerce industry, and highlighting the priority it places on security
and transparency for its customers and partners, by offering security
researchers up to US$10,000 per bounty.
Protecting customer data is a top priority
Founded in 2012 and headquartered in Singapore, Lazada is one of the leading
e-commerce platforms in Southeast Asia and was acquired by Alibaba Group in
2016. The company, which has operations in Indonesia, Malaysia, the
Philippines, Singapore, Thailand and Vietnam, also offers logistics, retail
technology and payment services solutions, in addition to LazMall, the region's
largest virtual mall with over 18,000 brands.
Since the launch of its private bug bounty program, Lazada has worked with over
one hundred ethical hackers to surface vulnerabilities, and has awarded over
US$150,000 in bounties to security researchers. This includes a pre-launch
event for the public program conducted that saw hackers from the YesWeHack
community identify vulnerabilities in 48 hours.
"Given the importance of data and personal information, Lazada takes great care
in protecting our customers and we have worked to patch these vulnerabilities,
to ensure a safe shopping platform. With the evolving nature of data security,
as well as the aggressive nature of hackers who exploit technology to steal
data, we believe in working with the larger cybersecurity community to
strengthen our IT ecosystems," says Alan Chan, Chief Risk Officer of Lazada
Group.
"Since working with YesWeHack, we have improved our security by enhancing our
Secure Software Development Process, to avoid the same type of vulnerability
coming up again. It has been very useful to verify with the wider researchers
that our security monitoring can catch exploitation of vulnerabilities."
Up to US$10,000 reward for reports on critical vulnerabilities
Lazada is now taking additional steps in providing transparency and security to
its customers, by transferring the areas previously tested in the private
program to a public program. This allows cybersecurity researchers from all
over the world to participate in the program and report vulnerabilities to the
eCommerce platform.
Furthermore, special attention will be paid to vulnerabilities that affect
personal data and have severity levels of "high" or "critical." For submitted
reports on critical vulnerabilities, Lazada will pay out up to US$10,000 to
security researchers. More information of the public bounty program can be
found here(https://yeswehack.com/programs/lazada).
"By launching this latest public bug bounty program, we are sending a clear
message to everyone, that we value the importance of data in our possession. We
believe in the expertise of the YesWeHack community and are excited to continue
to work with ethical hackers in identifying new attack methods and countering
them. This is about protecting our data, protecting our employees and
protecting our customers against vulnerabilities," says Franck Vervial, Head of
Cyberdefence at Lazada.
"YesWeHack is delighted to partner with Lazada and expand our market in Asia,
ensure their e-commerce platform and its customers are protected against
increasingly sophisticated cyber threats," says Kevin Gallerin, Managing
Director, APAC at YesWeHack. "The switch to a public program follows over 18
months of collaboration, during which our global community of researchers has
demonstrated its effectiveness and broad spectrum of skills. By reaching out to
a broader community, Lazada strengthens its security, champions transparency
and data privacy and protection. Ultimately, building and maintaining the trust
and experience of the several million users across APAC."
About Lazada Group
Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast
Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines,
Singapore, Thailand and Vietnam through commerce and technology. With the
largest logistics and payments networks in the region, Lazada is a part of our
consumers' daily lives in the region and we aim to serve 300 million shoppers
by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the
Alibaba Group powered by its world-class technology infrastructure.
About YesWeHack
Founded in 2015, YesWeHack is a Global Bug Bounty & VDP Platform.
YesWeHack offers companies an innovative approach to cybersecurity with Bug
Bounty (pay-per-vulnerability discovered), connecting more than 25,000
cybersecurity experts (ethical hackers) across 170 countries with organizations
to secure their exposed scopes and reporting vulnerabilities in their websites,
mobile apps, infrastructure and connected devices.
YesWeHack runs private (invitation based only) programs and public programs for
hundreds of organisations worldwide in compliance with the strictest European
regulations.
In addition to the Bug Bounty platform, YesWeHack also offers: support in
creating a Vulnerability Disclosure Policy (VDP), a learning platform for
ethical hackers called Dojo and a training platform for educational
institutions, YesWeHackEDU. For more information: www.yeswehack.com
SOURCE: Lazada Group
Image Attachments Links:
Link: http://asianetnews.net/view-attachment?attach-id=393548
Caption: Southeast Asia eCommerce platform Lazada launches public bug bounty program
with YesWeHack
本プレスリリースは発表元が入力した原稿をそのまま掲載しております。また、プレスリリースへのお問い合わせは発表元に直接お願いいたします。
このプレスリリースには、報道機関向けの情報があります。
プレス会員登録を行うと、広報担当者の連絡先や、イベント・記者会見の情報など、報道機関だけに公開する情報が閲覧できるようになります。