Ooredoo – Qatar’s leading provider of ICT solutions – has announced the launch of the first Public Bug Bounty Program in Qatar to enhance security provision for its Ooredoo.qa platform.
The new cyber-security program upgrades Ooredoo’s security practices by adding an extra layer of security testing to its regular vulnerability assessment and penetration testing. The programme entails inviting a global community of pre-registered ethical hackers and researchers to test its security, and report findings in return for a financial reward.
Sheikh Ali Bin Jabor Al Thani, Chief Executive Officer at Ooredoo Qatar said: “The launch of this new initiative demonstrates Ooredoo’s commitment to the provision of secure products and services to our customers, and to proactively addressing security vulnerabilities as soon as they are found in order to protect our customers, our employees and our business. The programme also enables us to ensure we meet our environmental and social responsibilities, as outlined in our corporate strategy.”
The telco leader has collaborated with the global Bug Bounty platform YesWeHack to define the rules of the program, including the scope of the test, the vulnerabilities that qualify for a reward and their value. If the vulnerability is considered valid, the researcher is rewarded based on the validity and criticality of the bug. Once fixed, the bug is checked again to ensure resolution.
The public Bug Bounty Program will be a permanent part of Ooredoo’s security provision.