Initiative adds another layer of protection for end-to-end identity verification platform

Onfido bug bounty program launched to help shore up ID verification defenses

Digital identity verification company Onfido has launched a new bug bounty program, in partnership with European vulnerability disclosure platform YesWeHack.

The security rewards program will provide Onfido with access to YesWeHack’s community of 40,000 ethical hackers.

According to UK-based Onfido, the partnership comes as part of the company’s continued commitment to pen testing its platform against cyber-threats and delivering secure platform solutions.

Open access

The initiative was launched as Onfido continues to expand its Real Identity Platform to deliver a suite of trusted data sources and identity verification services.

“Together, Onfido and YesWeHack defined the rules for the bug bounty program including the scope of the test, the vulnerabilities that qualify for a reward, and their value,” a press release reads.

Commenting on the partnership, Alex Valle, chief product officer at Onfido, said: “Security and compliance are essential to our mission of creating a more open world, where identity is the key to online access, and we are always looking for ways to strengthen this.

“The bug bounty program delivers us gold standard protection from bad actors, identifying and fixing any critical vulnerabilities before they even have a chance to arise.”

Since the beginning of 2022, YesWeHack said it has launched more than 200 new bug bounty programs and hosted several live hacking events.

“Onfido’s goal is to improve and grow the program little by little, by inviting more researchers, increasing the scope and raising the rewards,” a YesWeHack spokesperson told The Daily Swig.

“Switching from private to public is definitely one of their goals as they want to have the best possible coverage on their assets, however the program hasn’t reached that level of maturity yet.”
