Toss Decides to Run Bug Bounty Challenge Year-round

2024.02.15ㆍby toss

Held in 4Q of 2022, first self-hosted bug bounty program in Korea’s financial sector
Now in its third year, program has been greatly expanded to include all Toss affiliates with year-round operation
Security Technology Team Leader Jongho Lee: “Running an ongoing bug bounty program highlights Toss' dedication to making security and trust top priorities.”

Viva Republica, the operator of the financial super app “Toss,” announced that it will transition the “Toss Bug Bounty Challenge” into a year-round initiative.

A “bug bounty” is a program that rewards participants who identify and report security vulnerabilities in a product or service. IT companies and government agencies worldwide actively leverage these types of programs as they allow them to preemptively discover and address security issues.

Toss held its first Bug Bounty Challenge in Q4 2022, marking the first self-hosted initiative of its kind in Korea’s financial sector. Now in its third year, Toss decided to significantly expand its operations. Previously, participation was limited to select affiliates during specific operational periods, but starting this year, all Toss affiliates, including Toss, Toss Bank, and Toss Securities, will take part. Additionally, it no longer has a fixed timeframe as the program will now operate year-round.

Interested users can apply via the official “Toss Bug Bounty” website, and it is open to any Toss user with an interest in security. Participants will receive access to a special penetration testing environment, where they can conduct simulated attacks and submit vulnerability reports on their findings.

The scope of the program covers key services within the Toss app and the official websites of all affiliates. Submitted reports will undergo internal review and validation by Toss’ Security Technology Team, offering rewards of up to ₩30 million per valid report.

“The implementation of a continuous bug bounty program highlights Toss’ prioritization of security and trust,” said Jongho Lee, Leader of Toss Security Technology Team. “We will continue with our commitment to ensure that all Toss users can safely rely on our financial services with confidence.”