Leading Restaurant Search and Reservations Service Resolved Nearly 400 Security Vulnerabilities in 12 Months Thanks to Hackers
SAN FRANCISCO -- August 23, 2018 -- HackerOne, the global hacker-powered security leader, today announced that Zomato, a leading restaurant search and discovery service, has boosted the security of its web and mobile applications through its bug bounty program on HackerOne. In the first 12 months of its public bug bounty program, Zomato resolved nearly 400 security vulnerabilities to protect customers and has surpassed $100,000 in bounties paid to ethical hackers. To mark the program's successful anniversary, Zomato’s security team also awarded its top hacker a $1,500 bonus for his contributions over the past year.
The India-based restaurant search and discovery service operates in 24 countries, including the United States, Australia, United Kingdom, Canada, India, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand, and more. Its security team, led by Prateek Tiwari, is tasked with protecting sensitive information for over 55 million monthly visitors and 2,000 employees.
Since launching its bug bounty program in July 2017, the company has paid out over $100,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours — 18 times faster than the average managed program on HackerOne, placing Zomato among the most responsive programs on the platform.
“We had one goal at the start of the bug bounty program, which was to make Zomato more secure and with every single report resolved, we're getting closer to this goal,” said Tiwari. “The results over the past year with HackerOne have been outstanding and have exceeded our expectations. With help from the hacker community through the bug bounty program, Zomato was also able to adjust internal processes and standards, improve our performance and consistency at scale.”
In recent months, Zomato’s apps were added to the Google Play Security Reward Program (GPSRP), providing an opportunity for hackers to earn up to a $5,000 bonus for specific vulnerability types. GPSRP is a bug bounty program offered by Google Play, in collaboration with HackerOne and the developers of certain popular Android apps. It recognizes the contributions of security researchers who invest their time and effort in helping make apps on Google Play more secure.