“Bug Hunts” just got more interesting and rewarding. Usually it would cost any company a lot of money for a system vulnerability to be identified. These costs, while affordable for big corporations, would leave small and medium companies out in the cold.
Award-winning French startup Buglab aims to turn these hunts into competitions so that all businesses can afford security testing, and it offers a reward to white hat hackers for taking part. Started in 2016 by Reda Cherqaoui, Buglab has won the government-sponsored “French Tech Ticket” season 2.
There are a lot of reasons why cyber security is needed. Corporate penetration testing is, of course, a costly function. Usually each company has its own IT department and cybersecurity consultants. These consultants perform tests and try to hack into the system. Any bugs found are reported and rectified by the IT department. In today's day and age, companies are becoming more proactive in conducting these tests. In the past, testing was more of a reaction to a breach. Unfortunately, these tests are not economical for small or medium-sized firms.
A formal test could cost anything between EUR 700 and EUR 900 per day, which is not feasible for small firms. According to Cherqaoui, companies would rather pay for AdWords campaigns than for security checks. The size of a company does not deter a hacker. Small firms usually get hacked more often than large ones, but the media attention they receive is not the same, which is why one does not realize how common this problem is.

How Buglab Works

Cherqaoui wanted to find a way to make penetration testing possible even for smaller companies. How? Buglab invited certified pentesters to join a challenge campaign created by Ethereum smart contracts. Because it is a contest, all pentesters report their findings on priority.
Their findings are timestamped and triaged. Scores are based on importance, and rankings follow accordingly. Ranks are updated live on a scoreboard for all to see. Once the challenge is complete, the top three bug finders receive a reward.
A bug identified by any other tester that the top three winners missed also earns a bonus reward.