Government Bug Bounty Program
Bug Zero is currently actively promoting bug bounties in local private institutions and aims to expand the scope by introducing bug bounties to governmental institutions in partnership with the Information Communication Technology Agency (ICTA) and SL Cert in Sri Lanka.
This scale-up grant will help to carry out initial threat modelling for building a threat classification framework for all government and government-affiliated entities, which includes 200+ potential individual government organizations. This will aid in the promotion of bug bounties as an effective tool for government organizations as well as a good economic opportunity for youth.
In the initial phase, the project will run pilot programs for the identified set of government entities to understand the end-to-end pipeline that involves from getting a vulnerability report to an actual fix in terms of helping them with not only using the bug bounty platform but also with the triaging and vulnerability remediation validation phases.