Absrtact: December 29 News, in 12306 Web site database leaks, the site added a patch-day vulnerability response platform, and the director of the Chinese Academy of Railway Science, the single highest reward 2000 yuan, called on users to find loopholes. As of press, more than 20 netizens have submitted
December 29 News, in 12306 of Web site database leaks, the site added a patch-day vulnerability response platform, and the director of the Chinese Academy of Railway Science, a single maximum reward of 2000 yuan, called on users to find loopholes. As of press, there have been more than 20 netizens submitted the vulnerability report, according to the level of detection of vulnerabilities, there are 9 users to obtain 50 yuan to 2000 yuan of the amount of reward, the cumulative amount of reward amounted to 4850 yuan.
It is understood that up to 360 of the company's vulnerability platform, security experts and hackers to submit vulnerability reports to the enterprise, according to the extent of vulnerability and impact scope of the enterprise cash rewards, so as to help enterprises to proactively identify and repair loopholes, improve the level of Internet security protection.
In the patch-hole platform, 12306 Web sites have been certified real name, and defined the scope of the vulnerability reward. Among them, low-risk vulnerabilities include "PC client and mobile client local denial of service" and other four vulnerabilities, the reward amount is 50 yuan-100 yuan; the vulnerability includes six vulnerabilities, including the disclosure of sensitive information on mobile app clients, with a reward of 100 yuan-500 yuan; high risk vulnerabilities include direct access to server permissions, Mobile app client permissions and other vulnerabilities, the reward amount of 500 yuan-2000 yuan.
At present, netizens have submitted 12306 sites in 16 high-risk vulnerabilities, 1 vulnerabilities and 5 low vulnerabilities in the patch platform.