Grofers recognizes the importance of continued security research toward helping keep our ecosystem (and customers’ data) safe. In continuation of our efforts in this area, we are excited to announce the launch of the “Grofers Public Bug Bounty Program.”
With this program we encourage any security researchers, ethical hackers and bug bounty hunters to submit vulnerabilities to us for responsible, coordinated disclosure. We will reward them based on the severity of their findings and acknowledge their efforts by publishing their names in the Hall of Fame list.
A little background on how we got here:
In the past year we have built up a dedicated in-house security team that has implemented the following initiatives (among others):
- Web Application Firewall
- Automated security testing in our build process
- Security testing steps within our release process
- Data leak protection tools
- Tools and processes to prevent credential leakage via GitHub
- Hired 3rd party organisations for regular audits of all apps
Since our inception, ethical security researchers have occasionally approached us to report security vulnerabilities, and although we had no formal policy at the time, we rewarded them and appreciated their good intentions in keeping us and the internet safe and secure.
In response, we launched a private, invite-only bug bounty program, which gave researchers a better platform to report vulnerabilities, and we received fantastic support from top-tier security researchers across the globe. These submissions have not only helped us make our ecosystem more secure but have also integrated us into security communities via events such as Nullcon, OWASP Seasides, Null meets, BSides, etc.
The Grofers Public Bug Bounty Program is an invitation to the world to participate in making Grofers and the internet a safer place.
Happy (ethical) hacking! And if you want to join our awesome security team, please get in touch at http://grofers.com/careers
Thanks to Avinash Jain for setting this program up and keeping us safe!