About Vntrip
- Industry: Hotel and travel, Technology Service
- Business model: Technology Startup
- Scale: 300-400 employees
- Solution: Online booking for both hotels and travels – free pickup
- Valuation: 45 million Dollars (1,000 billion VND)
- Date of the valuation: August 2018
Challenges
Till the end of 2018, Vntrip had more than 500,000 people using and more than 10,000 hotel partners across the country, along with thousands of booking transactions and travel tickets every day via website, mobile and other channels. Vntrip’s biggest challenge is to secure customer data completely and to maintain the system availability upfront Cyber threats.
In addition, Vntrip’s application and system had been updated new versions weekly and continously such as new functions and promotions, etc. As a result, more probable bugs and vulnerabilities could exist in which developers could not detect.
A must-do task was to scrutinise and re-patch the critical vulnerabilities as soon as possible as if those bugs were great opportunities for hackers. Vntrip originally utilise Pentester teams at their company along with external Penetration Testing service to implement testing on their APIs, web & mobile applications; Results and reports were sent to Vntrip per month.
Nevertheless, the result of the report didn’t bring much value as expected; since the 2nd report results, most of which were no difference, in other words, no critical vulnerabilities were found on Vntrip’s product despite of relentless update on APIs and software. Mathematically, the real cost that Vntrip must pay within this service was substantial.
Solution
Regarding this circumstance, Vntrip has decided to use Whitehub – a Crowdsourced Bug Bounty Platform, so as to boost cybersecurity level for the enterprise’s products. Whitehub leverages the power from hundreds of security experts to find bugs and vulnerabilities in a faster pace.
Initially, Vntrip had implemented Bug Bounty program publicly on Whitehub since Jan/2019, the scale was all of the company’s products and applications:
- URL website *vntrip.vn
- Vntrip’s mobile app on Android
- Vntrip’s mobile app on iOS
Results
Shortly after launching, critical bugs were detected by experts from around the world. It was reported directly to Vntrip for a quick remediation process.
After almost 2 months of implementing Bug Bounty on Whitehub, many vulnerabilities had been patched efficiently, including many high-risks actor. The cost for Vntrip’s security activities were also significantly reduced. Overall, with Crowdsourced Bug Bounty method, the company only have to pay less than 100 USD for every Critical vulnerability.
