What exactly is a “bug bounty”?
A bug bounty is an arrangement in which an organization rewards friendly hackers for finding vulnerabilities in its system. Unfortunately, in parts of the world where the cybersecurity environment is less developed, organizations still view bug bounties with suspicion – they worry that the flaws found will pose a danger to the organization.
The truth is, adversaries are constantly on the hunt for vulnerabilities anyway. Those vulnerabilities will eventually be found, and organizations should try to ensure that a friend rather than a foe is the one who finds them.
The recent Bug Zero project worked to improve the cybersecurity environment in Sri Lanka. This involved establishing bug bounty arrangements with companies, setting up a bug bounty platform, recruiting participating hackers, and extensive outreach and education initiatives.
Discover more, including a detailed technical report, on the project page.
Pictured are participants in a meetup of the Colombo Bug Bounty Group held in 2023 as part of the project.