For those of you not familiar with what a bug bounty program is, here is a short description taken from Wikipedia:
“A ‘bug bounty’ program is an event or ongoing initiative where programmers and computer engineers compete for a ‘bounty’ (a cash payment or prize) to find ‘bugs’ in the security mechanisms or functionality of a product or service.
A ‘bug’ can be defined as: an error, flaw, failure, fault, or vulnerability in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.”
Most of the largest technology companies have bug bounty programs: Apple, Google, Microsoft, and Facebook pay out large sums of money to the researchers who find vulnerabilities in their products and services. Since Facebook’s bug bounty program began in 2011, it has paid out over $7.5 million USD. Apple has also recently announced a $1 million bug bounty for any bugs found in the iPhone operating system.
Why are bug bounties important?
When people think of bugs, they tend to think of the common problems they’ve experienced with software when their applications fail to load or crash for seemingly no reason. But when it comes to security, a “vulnerability” is a type of bug that allows someone to break into the product, accessing confidential information like databases of usernames, passwords, and other types of private data.
Bug bounties are a great way for companies to crowdsource the finding of bugs. They also help establish a level of trust and validation between researchers, security vendors, and customers.
Our Bug Bounty Program
At Byos, we are running our own bug bounty program to help create awareness of our product, the Portable Secure Gateway, and how it can provide you and your business with protection against common threats on public Wi-Fi.
In the security industry, a customer generally must trust that the vendor’s product or service performs as promised. In more traditional industries, it is easier to tell whether a product is working as it is supposed to: when you buy a car, it’s obvious when it is not working as advertised, but when you buy a security product, it can be difficult to determine whether it is working properly.
Because the Portable Secure Gateway is a new way of protecting devices against network threats, it is necessary to get the validation of the security community before going to market. Our bug bounty program will help ensure that the protection features and security mechanisms found within the Portable Secure Gateway are third-party tested.
We have three bug bounty events planned for 2019. Our first one was held during the week of Black Hat; you can check out our blog post about it here.
We have two additional bug bounty events scheduled this year. The second event is taking place in September at the hardware hacking conference Hardwear.io in Amsterdam, and the third will be taking place in October at South America’s oldest security conference, H2HC.