johnk

Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program

Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program

Alibaba, one of the world’s largest Internet companies is joining HackerOne to tap into the technical expertise of the world’s best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. The eCommerce and technology company is the world’s number 3 cloud services provider. It hosts over 600 million active annual users on its platform who transacted with over 10 million sellers during its last fiscal year to generate USD $768 billion of Gross Merchandise Volume (GMV). Alibaba’s logistics business, Cainiao, enabled the delivery of over 69 million packages a day, with a record setting +1 billion delivery orders handled within 24 hours during 2018 11.11. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.vulnerability disclosure program (VDP)
 
The company initially launched the VDP in September 2018 and is now encouraging creative vulnerability research and submissions from all corners of the globe. Alibaba’s VDP scope covers nearly all Alibaba assets including websites, network devices and over 30 recommended domains of focus for hackers to legally test. All participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production of physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. Check out the design below.

To learn more about Alibaba’s VDP and get hacking on HackerOne, visit https://hackerone.com/alibaba. Currently, Alibaba also runs a self-managed bug bounty program independent from HackerOne.
 

The 7th Annual Hacker-Powered Security Report

Hacker-Powered Security Report