New Delhi: OYO Hotels & Homes has announced its ethical hacking and bug bounty program to enhance data privacy and build a robust cybersecurity network. This is a major move, since OYO acquired Dynamica, a Copenhagen-based data science company, last year.
“One of our biggest assets is the trust our customers, partners and employees place in us. We understand that trust is hard to earn and easy to lose. One key responsibility in earning this trust is protecting the data our customers and other stakeholders have with us from any unauthorised use,” said Jagbir Singh, Engineering Manager – DevOps and InfoSec, OYO Hotels & Homes.
“Our team of 1100+ world-class security, network and software engineers and external partners across multiple geographies is at work 24×7 ensuring the protection of this data, so our customers and stakeholders can rest easy,” added Singh.
The Bug Bounty program aims to ensure that there is a credible and continuous flow of positive feedback from independent security groups and individual researchers to mitigate any bug or shortfall in the company’s systems.
This is in line with the established practice of recognizing and rewarding ethical hackers who help responsibly investigate shortfalls within the tech architecture of several tech companies, including Silicon Valley giants such as Facebook and Google.
OYO has accordingly developed an improved responsible disclosure policy to encourage honest and responsible reporting of any potential risks.
Additionally, OYO has partnered with AppSecure/Hackerhive, a specialized cybersecurity startup that connects companies with ethical hackers to help the former discover and fix security vulnerabilities, and is in the process of developing a full-fledged bug bounty program.
Security a priority
Security is an integral part of any process at OYO, from the collection of data, through transfer and processing, to storage at rest. We follow a comprehensive information security framework based on NIST (National Institute of Standards and Technology, USA), ISO 27001 and other stringent industry standards.
The company said that its commitment extends to employee training and sensitization at every step. All new joiners go through information security training as part of the new employee orientation.
The company’s software developers and other information security personnel also attend a mandatory quarterly refresher since the technology in this space is dynamic and evolving very quickly. There is also an annual mandatory refresher training for all existing employees.
“We have a robust and world-class security team comprising in-house and external experts employing best-in-class security techniques including virtual private networks/cloud, firewalls, intrusion prevention and detection devices (IPS and IDS), security training for all engineers, static and dynamic code analysis, regular vulnerability assessments and network penetration tests. In today’s digital world, a cyberattack is a real concern. Hence, in line with our efforts to continually improve, we are investing in ethical hacking programs as well,” said Anil Goel, Group Chief Technology and Product Officer.