Buglab is an Ethereum-based platform that connects companies with a global network of expert cybersecurity researchers. At the center of its ecosystem are two programs – the Buglab contest and Vigilante Protocol – which help companies all over the world discover and fix vulnerabilities in their digital solutions or assets. Buglab will offer a unique, competitive, incentivized, and easy-to-use platform to address this widespread and growing business need. Buglab will assist companies, whether in IT, financial services, or retail, to identify and mitigate cybersecurity gaps they may not (but should) know about. The solution makes cybersecurity services accessible to even the very smallest enterprises, which typically lack both the resources and budget to tackle cybersecurity vulnerabilities using traditional means. The Buglab platform detects and remedies vulnerabilities in various business applications, websites, mobile applications, Internet of Things (IoT) devices, and smart contracts by transforming penetration test services into challenges, referred to as contests, for a community of independent information security consultants with certified qualifications.
At the Enterprise level, Buglab will verify that the fix has been implemented. Buglab will attempt to verify (exploit) the vulnerability again. When the vulnerability is confirmed as fixed, a Buglab team of analysts will update the status accordingly in the platform. A “fix” can be declined by Buglab to give the company a chance to address the vulnerability again. The company will be allotted up to five attempts to address the vulnerability issue. Throughout the entire duration of the challenge, companies can chat with pentesters and access reports, so they will be able to implement recommendations to remedy the vulnerabilities in real time. This is especially useful if the vulnerabilities and the associated fixes are time sensitive. Companies need not wait until the end of the contest to implement a fix.
The Buglab Solution
The Buglab platform links organizations that have information security needs, which is just about all of them, with a community of certified cybersecurity penetration testers in an incentivized environment, where testers are rewarded when they uncover system vulnerabilities, ranked by severity and potential impacts. It’s done as a race against time. Importantly, finding unique vulnerabilities is ranked above simply producing a list of issues.
Advantages of Using the Blockchain to Reshape Pentesting
For a transaction to go into effect, it has to be approved by all the miners, who verify the transaction’s validity. Only then can the transaction be incorporated into network nodes on the blockchain. Adding new blocks requires a consensus between the network’s players. This process renders control by a third party obsolete.
The code for each new block is built on that of the block that precedes it in the blockchain, in such a way that modifying a single block would involve changing all of the blocks in the chain, which is impossible. Within a blockchain, the blocks as a whole are replicated across nodes on the network and don’t reside on a single server. This decentralized architecture acts as a structural defense against data theft. The data on these blocks is protected by a number of innovative cryptographic procedures to prevent modification after the fact.
Within a blockchain, servers and supporting architecture are dispersed across the network. The blockchain is ideally independent of third-party services. Miners allocate a portion of their machines’ calculating power to compute the algorithms required to validate transactions. This work is rewarded. In a Buglab contest, the first miner to validate a block wins tokens. This opportunity for financial gain encourages powerful competition. For uncovering cybersecurity threats, this method provides value to the client.