PT Trinusa Travelindo and all its affiliated companies under Traveloka Group of Companies (“Traveloka”, “Us”, “We”, or “Our”) is committed to keep its services safe for everyone, which is why data security is our utmost priority. Traveloka welcomes any contributions and information by security researchers who find various types of security vulnerabilities seen in our services, in which case we would be appreciative if you would privately disclose your findings to us, giving us time to fix it before making a public disclosure. Traveloka offers a bounty or reward to these external security researchers for their invaluable contribution in improving security at Traveloka.
Traveloka will not take any legal action against security researchers who report a vulnerability as long as they comply to the Traveloka bug bounty rules. However, Traveloka will take legal action against those who do not follow the rules based on applicable laws, including but not limited to, Undang-Undang Republik Indonesia No. 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik,Electronic Transactions Act of Singapore, or any local law of Electronic Information and Transactions. Please read the following rules before reporting a vulnerability. By participating in this program, you agree to be bound by these rules.
The following issues won't be considered for a bounty:
The following issues are known or have been considered by design and won’t be available for bounty:
Reward amounts may vary depending upon the severity of the vulnerability and its impact on Traveloka, the quality of the report, and the type of affected system. Traveloka uses the international standard for risk calculations that is OWASP Risk Rating Methodology.
We are sorry that the vulnerability scored < 3 (Info to Low) is not eligible for bounty. While scored >= 3 (Medium to Critical) is eligible for monetary reward. We will proceed the reward as soon as possible after completely verification, keep in mind that it can take up to 90 days for security researchers to receive the reward.
Traveloka bug bounty program appreciate and gratitude security researchers for helping us to make our products and services safer. We are happy to present the list of researchers who have participated in this program: