For the first two years, Toss's program only ran for a few months, but since the end of 2023, the company has maintained it continuously. Hackers can report vulnerabilities in the application whenever they discover them. These white-hat hackers can be rewarded up to 30 million won (over half a billion Vietnamese dong) for finding critical bugs.

Toss is the only financial company in South Korea that regularly runs a bug bounty program. This reflects the company's confidence in its security capabilities, according to Lee Jong Ho, a white-hat hacker and head of security at Toss.

Lee Jong Ho, head of security at Toss. Photo: Korea Herald

Speaking to the Korea Herald, Lee said that the bug bounty program can expose vulnerabilities in a company's security system that it was unaware of. Furthermore, Toss is the only Korean company with a "red team"—a term referring to a team of cybersecurity professionals tasked with simulating attacks to test the effectiveness of security systems or strategies.

Toss's red team consists of 10 white-hat hackers in addition to Lee. They collaborate with the "blue team" (the defense team) daily. "By removing the biases, we discover vulnerabilities that companies overlook and try to penetrate the defenses, thus strengthening our resilience against real threats," Lee explains.

Toss has enhanced its security measures by creating customized defense programs, such as Toss Guard and Phishing Zero, and integrating them internally. These measures not only ensure flexibility and scalability to accommodate the company's growth but also foster a robust defense system suited to Toss's unique environment, Lee emphasized.

However, committing to enhanced security is not a simple option for companies due to the significant costs involved. According to a report by Viva Republica, the operator of Toss, of the 83.9 billion won invested in IT last year, 11.5% – equivalent to 9.6 billion won – was dedicated to security, one of the highest percentages recorded among South Korean technology companies.

Lee shared that this commitment to enhanced security was the reason he chose to join Toss. After spending a decade at security solutions provider RaonSecure, Lee was sought after by many companies. Initially, he rejected Toss but was later persuaded by founder and CEO Lee Seung Gun and changed his mind.

Lee emphasized that Toss's defense system is not perfect. Ironically, as technology advances, cybercriminals find it easier to infiltrate our daily lives, he noted. Generative AI technologies such as large language models and ChatGPT offer new attack methods, lowering the barrier to entry for cybercriminals. In addition, there is ransomware offered as a monthly subscription service.

Recognizing the rapidly growing market, Lee argues that it's crucial for companies to develop their own security systems instead of relying on ready-made solutions. Simultaneously, he believes raising overall awareness is necessary to mitigate the risk of cyberattacks. He suggests incorporating cybersecurity into mandatory education programs, similar to fire safety education in schools.

(According to Korea Herald)