Nubank launches reward program for ethical hackers in partnership with BugCrowd

On August 31st, Nubank launches the Bug Bounty program with BugCrowd, the largest community of security researchers in the world.
The program is led by our Infosec (Information Security) area, and offers financial rewards for Brazilian researchers who find vulnerabilities in our systems.

Nubank goes to great lengths to make our customers’ experience as smooth as possible, constantly improving its internal security tools. Therefore, relying on the contribution of the security researchers community is another way we found to protect our systems.
See below what a Bug Bounty program is and how our partnership with BugCrowd will work.

Bug Bounty? What does that mean?

Bug Bounty is a rewards program for those who report issues related to possible vulnerabilities in an organization’s system.

The initiative aims to detect potential loopholes before they materialize as a cybersecurity issue. The researcher performs a code security analysis, identifies the bug, reports it to the BugCrowd platform, and, in return, receives a financial reward – or bug bounty. Then, it’s up to the company (in this case, Nubank) to fix the bugs mapped in the app.

This is a safe practice, and hundreds of renowned institutions are already using it as a strategy to increase the protection of their websites and applications.

Check more in http://bugcrowd.com/nubank

How will the Bug Bounty program work?

Nubank invited the highest rated researchers at BugCrowd to look for bugs and any vulnerabilities in our app. The idea is to protect our system with an extra layer and keep our customers safer. BugCrowd is amongst the largest ethical hacker platforms. It unites security researchers with companies committed to protecting their systems.

Nubank now has a page on the platform, where these guest researchers will be able to report possible technical details of bugs found in our app and receive a cash reward.
It is up to BugCrowd to mediate the relationship between the researchers and Nubank, evaluating the reports and excluding those that are considered inconsistent. The platform also performs vulnerability tests based on the details provided by the good hackers.

After all this process on the platform, Nubank validates the information sent by BugCrowd, fixes the mapped bug, and releases the payment to the researcher who found it.