London-headquartered company seeks ‘outside perspective’ on AppSec

Loyalty management tech firm Antavo launches bug bounty program

Antavo, a loyalty management software company, has launched a bug bounty program on European crowdsourced security platform Hacktify.

Ethical hackers will receive payouts up to €240 ($283) for qualifying security flaws found in its loyalty management application.

Antavo, which counts BMW, PepsiCo, and AbInBev among its clients, told The Daily Swig that it has so far received three submissions for critical vulnerabilities, as well as one low-severity bug.

Catch up on the latest bug bounty news

The public program has already paid out one bug bounty reward since it launched a little over two weeks ago, on July 6.

“Antavo dedicates a considerable amount of resources to expanding its infrastructure and development teams to deliver the highest possible data and privacy protection for both its clients and their customers,” said Antavo engineering director Csaba Horvath in a press release.

“Still, sometimes an outside perspective can yield further findings, which is why we have decided to enlist the help of white hat hackers from all across the globe.”

‘Personalized service’

Both Antavo and Hacktify were founded by Hungarians. Hacktify is based in Hungary, while Antavo was founded in London in 2012 but also now has offices in Hungary and five other locations.

However, Antavo CEO and co-founder Attila Kecsmar cites reasons beyond the Hungarian connection for choosing to become only the third organization to join Hacktify after its October 2020 launch.

“We asked some white hat hackers and they told us the platform doesn’t matter actually,” he told The Daily Swig.

“These kinds of bounty platforms charge fewer service fees than the bigger ones, so it’s better for the white hat hackers.

“Hacktify has a solid background, and they are well known in the industry. We can receive more personalized service with them. Our program is in a highlighted position on their platform.”

Csaba Mészáros, co-CEO of Hacktify International, told The Daily Swig that “incoming bug reports are pre-validated based on a list of quality check criteria (in-scope, reproducible, clear, with recommendation to fix)”, and that Hacktify has “no hidden costs”.

RELATED Bug Bounty Radar // The latest bug bounty programs for July 2021