FAQs

  • Q: What if I found a vulnerability, but I don't have a proof of concept?
  • A: We expect vulnerability reports sent to us to include a valid attack scenario in order to qualify for the program, and we consider this a critical step in vulnerability research. Honourable mention is awarded based on the maximum impact of the vulnerability, and the panel is willing to reconsider based on new information (such as a chain of bugs or a revised attack scenario).
  • Q: How do I demonstrate the severity of the bug?
  • A: Please submit your report as soon as you have discovered a potential security issue. The panel will consider the maximum impact and will triage accordingly.
  • Q: I found outdated software (e.g. Apache or WordPress). Does this qualify for recognition?
  • A: Please perform due diligence: confirm that the specific software has any noteworthy vulnerabilities, and explain why you suspect that these features may be exposed to risk in Ola-specific use cases. Reports that do not include this information will typically not qualify.
  • Q: Who determines whether my report is eligible for the hall of fame?
  • A: Members of the Ola security team.
  • Q: What happens if I disclose the bug publicly before it has been fixed?
  • A: We try to respond promptly and fix bugs in a decent time frame, as we care about security at our core. If you go public without disclosing to the Ola security team, your bugs will no longer be eligible for recognition, and you will be blacklisted from the program. Depending on the case, we might also take legal action.
  • Q: What if somebody else also found the same bug?
  • A: You will qualify for recognition only if you were the first person to alert us to a previously unknown flaw.
  • Q: I reported a vulnerability but have not received a response?
  • A: Please allow up to 3 business days for an initial response.
  • Q: What is honorable mention or hall of fame?
  • A: This is the page we have put up to appreciate and recognize the efforts of security researchers.
  • Q: How do I report a vulnerability?
  • A: Please contact us using this form: Report Bug. Please note that reports about fraud-related activity, account disputes, or spam are not part of the responsible disclosure program, but we have a process to report them to us.