Ooredoo has announced the launch of the first Public Bug Bounty Programme in Qatar to enhance security provision for its Ooredoo.qa platform.
The new cybersecurity programme upgrades Ooredoo’s security practices by adding an extra layer of security testing to its regular vulnerability assessment and penetration testing, a statement said.
The programme entails inviting a global community of pre-registered ethical hackers and researchers to test its security and report findings in return for a financial reward.
Ooredoo Qatar CEO Sheikh Ali bin Jabor al-Thani said: “The launch of this new initiative demonstrates Ooredoo’s commitment to the provision of secure products and services to our customers, and to proactively addressing security vulnerabilities as soon as they are found in order to protect our customers, our employees and our business. The programme also enables us to ensure we meet our environmental and social responsibilities, as outlined in our corporate strategy.”
Ooredoo has collaborated with the global Bug Bounty platform YesWeHack to define the rules of the programme, including the scope of the test, the vulnerabilities that qualify for a reward and their value. If the vulnerability is considered valid, the researcher is rewarded based on the validity and criticality of the bug. Once fixed, the bug is checked again to ensure resolution.
The public Bug Bounty Programme will be a permanent part of Ooredoo’s security provision, the statement added.