New iOS, Android and URL added to scope
4/4/2024, 1:10:50 PM (about 1 month ago)

The Swedish brand Mathem is now part of the Oda group.

We've added the Mathem app for both iOS and Android, as well as the website mathem.se, to the bug bounty program.

Requests per second
12/5/2023, 9:56:09 AM (5 months ago)
12/5/2023, 9:56:25 AM

We remind you to be mindful of the requests per second (RPS) when testing our services. This is especially important when running automated tools such as fuzz faster u fool.

The current limit has been updated to 5 RPS. IP addresses that keep violating this rule will get banned permanently.

We also encourage you to use the x-bounty header so that we can distinguish your traffic from malicious traffic.

Thanks!
Security team in Oda

Scope updated
12/4/2023, 1:58:53 PM (5 months ago)

We have updated the scope for the program to include our domain *.prod.nube.tech. Most of the services are behind our authentication proxy and therefore not exposed.

However, you will find our new authentication service available on login.oda.com and login.prod.nube.tech. This is a new service built with Django.

Updates
10/26/2023, 9:22:35 AM (7 months ago)

Technology updates

We are introducing Fastly CDN and Fastly WAF on our main site, oda.com. We are especially interested in any misconfigurations that can lead to vulnerabilities.

General

Oda has temporarily shut down its operations in Germany and Finland, which also means that the shops are down. However, you can still test our shop in Norway, but unfortunately it is only available in Norwegian.

Regards,
Security team in Oda

Minor update to rules of engagement
10/6/2022, 5:59:14 PM (over 1 year ago)

We now require the request header **X-bounty: <your Intigriti username>** on all requests when you participate in Oda's bug bounty program.

In Burp Suite you can simply add a rule under: Proxy > Options > Match and replace.

Regards,
Security in Oda
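
As an added example (not Oda's or Intigriti's code), the Python below checks a request log against the two rules stated in this update and in the "Requests per second" update: the X-bounty header on every request and the 5 RPS limit. The record layout, the sample data, and reading "5 RPS" as at most 5 requests per source IP in any sliding one-second window are assumptions.

```python
from collections import defaultdict, deque

RPS_LIMIT = 5        # limit stated in the "Requests per second" update
HEADER = "x-bounty"  # HTTP header names are case-insensitive
WINDOW_MS = 1000     # assumption: "per second" means any sliding 1 s window

# Constructed sample records: (timestamp in ms, source IP, request headers).
# The IPs are documentation addresses; the username is a placeholder.
SAMPLE = (
    [(100_000 + 200 * i, "198.51.100.7", {"X-Bounty": "example_user"})
     for i in range(6)]
    + [(100_000 + 100 * i, "203.0.113.9", {"User-Agent": "constructed"})
       for i in range(8)]
)

def audit(records, limit=RPS_LIMIT, window_ms=WINDOW_MS):
    """Per source IP, report the peak request count in any sliding window,
    whether that peak exceeds the limit, and how many requests lack the header."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    report = defaultdict(lambda: {"peak": 0, "missing_header": 0})
    for ts, ip, headers in sorted(records, key=lambda r: r[0]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_ms:  # drop requests that left the window
            q.popleft()
        entry = report[ip]
        entry["peak"] = max(entry["peak"], len(q))
        lowered = {k.lower(): v for k, v in headers.items()}
        if not lowered.get(HEADER, "").strip():  # absent or empty value
            entry["missing_header"] += 1
    return {ip: {**e, "over_limit": e["peak"] > limit}
            for ip, e in report.items()}

if __name__ == "__main__":
    for ip, result in audit(SAMPLE).items():
        print(ip, result)
```
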

Bounties++
9/1/2022, 8:59:09 AM (over 1 year ago)

As of today, we have increased the bounties.

Regards,
Security in Oda

We've increased the scope
5/2/2022, 6:36:31 AM (about 2 years ago)

Hi!

We've now been running the bug bounty program for about a month. We've decided to increase the scope and added *.oda.com to the scope.

Regards,
Security in Oda