Zomato bug bounty hunting scheme announced; $4000 reward on offer

Zomato, one of the top Indian restaurant aggregators and delivery companies wants you to find bugs in its website or app. For your troubles, if you succeed, you will be paid a bounty of $4000, which translates to just under ₹3 lakh. Now, all a bug bounty hunter needs to do is hunch down and start figuring out where Zomato tech guys made mistakes. If some bug is found, it will be the Zomato security team that will decide about the serious nature of the bug and how vulnerable the company was to it. So, in case the risk or vulnerability is low, the amount to be paid out will be lesser. It is obvious, therefore, that only a critical flaw will yield the entire $4000 to the bounty hunter. The lowest sum to be paid is $100. In its statement, Zomato made this crystal clear indicating the actual bounty ranges for each severity level that is offered on the Zomato program.

A company statement said, "The Zomato Bug Bounty Program is a crucial part of our security efforts and we hope that this improvement will further motivate the hacker community. Thank you for your contribution to our program so far and we look forward to your reports!"

Also read: Looking for a smartphone? Check Mobile Finder here.

For those worried about Zomato initiating some kind of a process against them, the company clarified, "We will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy. We consider activities conducted consistent with this policy to constitute “authorized” conduct under the Computer Fraud and Abuse Act (CFAA)."

Yash Sodha, a Security Engineer at Zomato took to Twitter to announce the same, "Starting today, we're increasing the rewards for @zomato's bug bounty program: $4,000 for critical, $2000 for high, and so on. We welcome your participation and look forward to your reports! Happy Hacking :)."