What is Buglab Project?

tinhkhuat

What is Buglab Project?

Buglab is a platform that assists users and organizations by identifying potential cybersecurity issues. Buglab connects security experts or cybersecurity penetration testers with enterprise clients with information security needs. The platform will also incorporate what the company calls the “Vigilante Protocol”, where whitehat researchers are able to report on system vulnerabilities, of which they are not hired to do so (in order to gain recognition and potentially obtain points). A whitehat researcher can become a penetration tester (pentester) and take part in challenges after receiving a sufficient number of points. BGL tokens are used to reward users and to pay transaction fees for actives in the Buglab ecosystem.

Buglab will offer a unique, competitive, incentivized, and easy-to-use platform to address this widespread and growing business need. Buglab will assist companies, whether in IT, financial services, or in retail, to identify and mitigate cybersecurity gaps they may not (but should) know about. The solution makes cybersecurity services accessible to even the very smallest enterprises that typically lack both the resources and budget to tackle cybersecurity vulnerabilities using traditional means. The Buglab platform detects and remedies vulnerabilities on various business applications, websites, mobile applications, Internet of Things (IoT) devices, and smart contracts by transforming penetration test services into challenges, referred to as contests, for a community of independent information security consultants with certified qualifications.

The Buglab Solution:

The Buglab platform links organizations that have information security needs, which is just about all of them, with a community of certified cybersecurity penetration testers in an incentivized environment, where testers are rewarded when they uncover system vulnerabilities, ranked by severity and potential impacts. It’s done as a race against time. Importantly, finding unique vulnerabilities is ranked above simply producing a list of issues.

Core Features of the Buglab Platform:

The Buglab platform enables customers to either use the mass of pentesters or choose a validated team from a known company. Teams must include no fewer than five pentesters. A variety of customizations are available, specific to your organizational needs. Some of the features envisioned are highlighted next.

Public Contest: Once a company has provided basic information and launched the contest, the community receives a public invitation to participate.
Private Contest: Clients also have the option to choose a select number of pentesters from the community or choose a validated team from a known cybersecurity firm to complete the challenge.
Selection Filters: Clients have the option during a private challenge of selecting pentesters using different filters. These include country, score, skillset, etc.
Triage System; Vulnerabilities reported go through our sorting system to identify duplicates before landing on the customer’s dashboard. The customer is guaranteed to only get notified about relevant submissions.
Reports: The company receives reporting on it’s security contests. This feature summarizes each contest’s performance and allows the client to graphically compare the security status and progress of its assets.
Client-Managed: The company can choose from three types of contest management (Basic, Pro, and Enterprise). In the case of the latter, the client is responsible for sorting, classifying and grading reports.
Mediation: When a customer opts to manage their challenge themselves, a pentester from the community can ask for mediation from Buglab. This mediation may be required in the event that a pentester deems the score or validation to be inaccurate. A Buglab team can obtain details regarding the cause of the disagreement and evaluate it impartially.
Leaderboard: A dashboard offers ranking of pentesters from the community according to experience and results on the platform. This provides greater visibility for the best pentesters and makes it easier to select participants for a private challenge.
Chat: Every vulnerability report is a chance to engage in conversation with pentesters and to obtain their help fixing it.
Fix Companion: At the Enterprise level, Buglab will verify that the fix has been implemented.

How Does The Buglab Work?

Buglab contests work simply by inviting a community of professional cybersecurity experts to find vulnerabilities in their mobile apps, websites, smart contracts, and IoT devices. Penetration testers operating on the Buglab platform are subject to a lengthy validation and vetting process, after which they are free to attempt to crack the devices and platforms Buglab users make available for testing.

The Buglab white paper, released in January 2017, presents a succinct explanation of Buglab methodology:

“The buglab methodology links organizations that have information security needs, which is just about all of them, with a community of certified cybersecurity penetration testers in an incentivized environment, where testers are rewarded when they uncover system vulnerabilities, ranked by severity and potential impacts. It’s done as a race against time.”

Users of Buglab are able to select from a number of different options when presenting their platforms and devices for pentesting. It’s possible to either engage the services of the Buglab community as a whole, or select a validated team from a reputable pentesting company.