Brazil is one of the countries that suffer most from data security problems in the world. In the first quarter of 2021 alone, there were more than 3.2 billion cyber attack attempts, according to a Fortinet survey.
Given this scenario, Enjoei, a consumer-to-consumer e-commerce company, entered into a partnership with BugHunt, the first Brazilian bug bounty platform, to reward “good hackers” for identifying flaws in its platform.
The bug-hunting platform wants to be the link between cybersecurity experts and businesses interested in evaluating the protection of their systems. A good hacker can earn up to 1,500 reais for a vulnerability found in the evaluated services and solutions, depending on the criticality of the identified flaw.
The private service, in which only verified or invited bughunters (as the experts are called) can participate, is a favorite of companies. Brands like OLX, Webmotors and Maximum Bank have already made this kind of partnership with BugHunt.
“When specialists report a vulnerability, Enjoei must run the internal vulnerability management processes so that it is fixed efficiently, in the shortest possible time and with the highest possible quality. This helps to improve the internal process, in addition to bringing the security team closer to the development teams”, said Caio Telles, CEO of BugHunt.
For Enjoei, whose marketplace involves each customer creating their own “little shop” and selling to other users, ensuring the safety of those using the platform is essential. The first reason is the General Data Protection Law (LGPD), which started to fine companies in August of this year. According to BugHunt, the most common flaws found in companies today have been those that can expose personal data, creating problems with the law.
The second reason is the increase in traffic on the platform, an indication that it would be necessary to improve the company’s security level. In the first three months of the year, the brand’s app was downloaded 5.7 million times, almost five times more than in the same period in 2020, and the gross merchandise volume (GMV) doubled to 172 million reais.
“We are extremely concerned about user information and our operation. We do not store credit card data. Personal data, such as address and CPF, are, whenever possible, encrypted,” said Carlos Brando, CTO at Enjoei. “If we are offering rewards to those who find gaps, it is because we trust our infrastructure and are committed to improving.”
For Telles, Enjoei’s action offers more security and the certainty that the company values the subject and has strategies to keep customer data safe. “When a company starts a bug bounty program, it gains the analytical eye of thousands of security experts, so potential vulnerabilities can be identified much more efficiently,” he explains.
Today, BugHunt has thousands of registered experts, and has helped several companies identify flaws in their systems. For the executive, as a company accepts the experts’ suggestions, the number of reports should decrease, and this is an indicator that the company’s maturity is increasing.
“The vulnerability reward programs allow the platform specialists to look constantly and continuously, so this helps and creates the need for companies to adjust their internal processes to fix reported vulnerabilities, which also ends up promoting security maturity”, he points out.