Onfido Invests in a New Bug Bounty Programme, Bolstering the Real Identity Platform’s Security and Dependability
Onfido, the global identity verification and authentication provider, today announces its partnership with YesWeHack, a globally leading Bug Bounty and Vulnerability Disclosure Policy (VDP) platform. The partnership comes as part of Onfido’s continued commitment to pentesting its platform against cyber-threats and delivering secure platform solutions.
The Bug Bounty program will provide Onfido with access to YesWeHack’s community of 40,000 cybersecurity researchers and ethical hackers, to pinpoint unknown vulnerabilities in return for a financial reward. This enables Onfido to maintain its strong commitment to security, better understand the tactics that bad actors attempt to use and flag any potential security flaws before new products and services are made available to the public.
Together, Onfido and YesWeHack defined the rules for the Bug Bounty program including the scope of the test, the vulnerabilities that qualify for a reward and their value. If the vulnerability is valid, the researcher is rewarded based on the severity of the bug. Once the bug is fixed, it is checked again to ensure the security exposure is resolved.
“The breadth and diversity of our community offers the spectrum of skills required to cover the full range of perimeters set by Onfido, whether hardware or applications,” said Kevin Gallerin, APAC Managing Director, YesWeHack. “By stress-testing Onfido’s security environment, we can support its commitment to placing customer privacy at the heart of the business, and ensure that it remains protected from today’s sophisticated attackers.”
Commenting on the partnership, Alex Valle, Chief Product Officer at Onfido said: “Security and compliance are essential to our mission of creating a more open world, where identity is the key to online access and we are always looking for ways to strengthen this. YesWeHack shares our values in operating under the strictest compliance processes and abiding by a security-by-design approach. The Bug Bounty program delivers us gold standard protection from bad actors, identifying and fixing any critical vulnerabilities before they even have a chance to arise.”
The Bug Bounty program launches during a period of fast-growth at Onfido. It recently expanded its flagship Real Identity Platform to deliver a curated library of globally trusted data sources and identity verification services. This is in addition to tailored user experiences designed around specific fraud and regulatory use cases, compliance requirements, global needs, risk appetite, and business objectives. It’s these innovative solutions that will benefit from ongoing testing by ethical hackers, providing full transparency on data security, and allowing Onfido to double down on its values of trust and privacy.