Onfido invests in new Bug Bounty program, fortifying security and reliability in the Real Identity Platform
- Written by Daily Sun
The partnership comes as part of Onfido's continued commitment to pentesting its platform against cyber-threats and delivering secure platform solutions.
The Bug Bounty program will provide Onfido with access to YesWeHack's community of 40,000 cybersecurity researchers and ethical hackers, to pinpoint unknown vulnerabilities in return for a financial reward. This enables Onfido to maintain its strong commitment to security, better understand the tactics that bad actors attempt to use and flag any potential security flaws before new products and services are made available to the public.
Together, Onfido and YesWeHack defined the rules for the Bug Bounty program, including the scope of the test, the vulnerabilities that qualify for a reward and their value. If a reported vulnerability is valid, the researcher is rewarded based on the severity of the bug. Once the bug is fixed, it is checked again to ensure the security exposure is resolved.
"The breadth and diversity of our community offers the spectrum of skills required to cover the full range of perimeters set by Onfido, whether hardware or applications," said Kevin Gallerin, APAC Managing Director, YesWeHack. "By stress-testing Onfido's security environment, we can support its commitment to placing customer privacy at the heart of the business, and ensure that it remains protected from today's sophisticated attackers."
Commenting on the partnership, Alex Valle, Chief Product Officer at Onfido said: "Security and compliance are essential to our mission of creating a more open world, where identity is the key to online access and we are always looking for ways to strengthen this. YesWeHack shares our values in operating under the strictest compliance processes and abiding by a security-by-design approach. The Bug Bounty program delivers us gold standard protection from bad actors, identifying and fixing any critical vulnerabilities before they even have a chance to arise."
The Bug Bounty program launches during a period of fast growth at Onfido. It recently expanded its flagship Real Identity Platform to deliver a curated library of globally trusted data sources and identity verification services. This is in addition to tailored user experiences designed around specific fraud and regulatory use cases, compliance requirements, global needs, risk appetite, and business objectives. It's these innovative solutions that will benefit from ongoing testing by ethical hackers, providing full transparency on data security, and allowing Onfido to double down on its values of trust and privacy.
About Onfido
Onfido is simplifying digital identity for everyone. The company makes it easy for people to access services by digitally proving their real identity through verification of a photo ID and facial biometrics with award-winning artificial intelligence (AI). That's how it powers secure and inclusive relationships between businesses and their customers without compromising experience, conversion, or security.
Recognized as a global leader in AI for identity verification and authentication, Onfido is backed by TPG Growth, Idinvest Partners, Crane Venture Partners, Salesforce Ventures, M12 (Microsoft) and others. In 2021 they were awarded 'Artificial Intelligence and Machine Learning Hot Company' by CyberDefense Global Infosec Awards, 'Fraud Prevention Innovation of the Year' at the CyberSecurity Breakthrough Awards, and named to the CB Insights Fintech 250 for the fourth year running. They partner with over 800 businesses globally to help millions access services every week – from billion-dollar institutions to hypergrowth start-ups. Onfido supports checks in 195 countries, and 2,500+ document types.
About YesWeHack
Founded in 2015, YesWeHack is a global Bug Bounty and VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 40,000 cybersecurity experts (ethical hackers) across 170 countries with organisations to secure their exposed scopes and report vulnerabilities in their websites, mobile apps, infrastructure and connected devices.
YesWeHack runs private (invitation-based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers a creation and management solution for Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo, and a training platform for educational institutions, YesWeHackEDU.