Blackphone Gets Bug Bounty Program Off Ground
This article explains how DEF CON, the famous computer security conference held in August of this year, had a special event where those in attendance were encouraged to tweet bugs found in Blackphone, the self-proclaimed most secure smartphone. Due to the huge number of tweets, Daniel Ford, the chief security officer at Blackphone, who is in charge of the security of PrivatOS, decided to start a bug bounty for the phone via Bugcrowd. Bugcrowd is a bounty program with about 12,000 security enthusiasts and researchers who are invited on “bug-hunts” and are compensated for significant findings. Companies can’t necessarily afford to pump a lot of money into hiring or contracting people dedicated to finding bugs, but, with Bugcrowd, they can get faster responses at a cheaper rate by taking advantage of researchers’ enthusiasm. At one point Blackphone had entered the Bugcrowd market and an “average of 10 bugs per day were being reported.” Some were considered to be critical vulnerabilities. Additionally, researcher Jon Sawyer actually discovered a way to root the phone. He alerted Blackphone and the problem was subsequently fixed. DEF CON continues to bring security to the forefront of everyone’s mind in the mobile and IT field.
Bug bounties are a great idea for the IT industry. What makes them so good is the collaborative effort involved. Someone might find a bug which can spark an idea for another individual to see if they can use that to exploit another vulnerability. This kind of collaboration is not only a brilliant idea but seems almost necessary for companies to push for more secure applications and software. It’s very similar to open source software but with a focus on security. I think bug-bounties will continue to grow and are the future of not only mobile applications but securing technology as a whole.
Mimoso, Michael. “Blackphone Gets Bug Bounty Program Off Ground.” Threatpost. N.p., 23 Sept. 2014. Web. 17 Nov. 2014.