About Vntrip
- Industry: Hotel and travel, Technology Service
- Business model: Technology Startup
- Scale: 300-400 employees
- Solution: Online booking for both hotels and travels – free pickup
- Valuation: 45 million Dollars (1,000 billion VND)
- Date of the valuation: August 2018
Challenges
Till the end of 2018, Vntrip had more than 500,000 people using and more than 10,000 hotel partners across the country, along with thousands of booking transactions and travel tickets every day via website, mobile and other channels. Vntrip’s biggest challenge is to secure customer data completely and to maintain the system availability upfront Cyber threats.
In addition, Vntrip’s application and system had been updated new versions weekly and continously such as new functions and promotions, etc. As a result, more probable bugs and vulnerabilities could exist in which developers could not detect.
A must-do task was to scrutinise and re-patch the critical vulnerabilities as soon as possible as if those bugs were great opportunities for hackers. Vntrip originally utilise Pentester teams at their company along with external Penetration Testing service to implement testing on their APIs, web & mobile applications; Results and reports were sent to Vntrip per month. Nevertheless, the result of the report didn’t bring much value as expected; since the 2nd report results, most of which were no difference, in other words, no critical vulnerabilities were found on Vntrip’s product despite of relentless update on APIs and software. Mathematically, the real cost that Vntrip must pay within this service was up to 50 MillionVND / 1 bug.
Solution
Regarding this circumstance, Vntrip has decided to use Whitehub – (Crowsourced Security) so as to boost Cyber security level for the enterprise’s products. Whitehub leverages the power from hundreds of Cyber Security experts finding bugs and vulnerabilities and swiftly detecting them.
Vntrip had initially implemented Bug Bounty program publicly on Whitehub since Jan/2019, the scale was all of the company’s products and applications:
- URL website *vntrip.vn
- Vntrip’s mobile app on Android
- Vntrip’s mobile app on iOS
Results
After only 2 days, some initial bugs were detected by Cyber Security experts and that were reported directly to Vntrip so as to quickly re-patch. On 23/1/2019 marking a cornerstone in Vntrip’s data security when the firm detected a critical vulnerability at the stroke of the day – a highly potential threat of Vntrip’s customer data and membership card leakage. After almost 2 months of implementing Bug Bounty on Whitehub, a total of 78 bugs were found and re-patched, 25 of them were highly dangerous as being critical. The cost was merely 92 million VND and Vntrip statistically paid an amount of less than 3 million VND for 1 high-critical bug.
Vntrip soon recognised posivitide sides of cyber security via crowsourced security in comparison with the traditional security approach, predominantly with technology firms. At present, Vntrip integrates Whitehub into Vntrip’s product life cycle directly. Thus, immediate responses of delving into application updates will take hold and be sorted out whenever the company releases them.
