KARACHI: Pakistan’s largest online job portal Rozee.pk and fintech company Finja, have launched the country’s first formal bug bounty program, Profit learned on Monday.
“Within hours we received our first report and made a payout to the reporter,” said co-founder and a major shareholder in both the companies, Monis Rehman.
“We strive to maintain and improve our systems and processes so that our customers can make payments safely at all times. However, should you find a weakness in our systems, we would appreciate your help,” states Finja, which operates digital payment service SimSim.
The two companies have created a separate tab on their websites to help bounty hunters understand the procedure of reporting any security vulnerabilities in their information systems.
According to their websites, ethical hackers, also known as white hats, can earn anywhere between Rs1,000 to Rs30,000 per security bug through responsible disclosure, which will be investigated and responded by the companies’ technical team in five working days.
In the case above, the hacker reported ‘a minor issue’ and the company paid him Rs5,000 for that.
With increasing number of cyber attacks, information security or data protection has become an important subject for technology companies around the world. Many tech giants, the likes of Google, Paypal, and Uber have been running public bug bounty programs to use the white hat community for identifying security flaws in their systems. For example, Uber alone spent $1.4 million on a bounty program recently.
By contrast, Pakistani technology companies have been criticised by experts on cybercrime and information security researchers for their lack of seriousness about data protection and poor security measures. Some of Pakistan’s largest technology platforms, the likes of EasyPaisa, Pakwheels.com and Zameen.com, were hacked in the past. Last month, Careem, a UAE-based ride-hailing company founded by Pakistanis was also hacked and data of 14 million users was resultantly compromised.
Although some companies say they have been running bug bounty programs informally, the one launched by these two companies is the first formally documented and structured program by Pakistan-based technology companies.