We held our first Bug Bounty event in Las Vegas, during the week of BlackHat. As an invite only event held over the course of 3 days, more than 20 security researchers from North America, South America, and Europe participated.
Highlights from the participant list include:
Gabriel Barbosa, Principal Security Researcher at Intel (USA)
Gustavo Scotti, Principal Security Researcher at Intel (USA)
Patrick Mathieu, Offensive Security Lead at Duo Security (USA)
Colin O'Flynn, CEO of NewAE Technology (Canada)
Thomas Roth, Founder at Keylabs (Germany)
Offensive security team at Pride Security (Brazil)
As well as several independent researchers from around the globe.
We rented a house off of the strip and invited the researchers to take a swing at cracking the security mechanisms of the Byos μGateway. Each researcher was given their own Byos device and could test three vectors of attack:
Hardware tampering
Web-based attacks
Network protection mechanism bypass
The overall objective of the bug bounty program is to validate the security claims of the Byos μGateway and to discover any existing vulnerabilities in the product and its features. Additional benefits include:
Practicing the company’s internal vulnerability handling process
Increasing our security team’s awareness of how attackers approach the security mechanisms of the product
Learning and validating security development best practices by having active feedback from researchers
Gathering external expert opinions on the product’s feature-set, benefits and use-cases
The Bug Bounty program allows for a higher level of transparency between vendors and security researchers and helps the customer trust the claims made about the validity of the protections offered.
The event was a success. The participating researchers were required to submit Proof of Concepts, describing their methods.
Thanks to all of the researchers that participated. Our next bug bounty event will be taking place at the Hardwear.io security conference on September 26th and 27th in the Netherlands.
We have compiled the results in a technical white paper.
Update: The results of our second bug bounty are in - check out our blog post and white paper to see the evolution of the Byos μGateway’s protection features.
At the awards ceremony, the researchers explained their findings and gave their overall experience of the bounty.