Byos Bug Bounty - Vegas 2019

We held our first Bug Bounty event in Las Vegas, during the week of BlackHat. As an invite only event held over the course of 3 days, more than 20 security researchers from North America, South America, and Europe participated.

Highlights from the participant list include:

As well as several independent researchers from around the globe.

We rented a house off of the strip and invited the researchers to take a swing at cracking the security mechanisms of the Byos μGateway. Each researcher was given their own Byos device and could test three vectors of attack:

  • Hardware tampering

  • Web-based attacks

  • Network protection mechanism bypass

The overall objective of the bug bounty program is to validate the security claims of the Byos μGateway and to discover any existing vulnerabilities in the product and its features. Additional benefits include:

  • Practicing the company’s internal vulnerability handling process

  • Increasing our security team’s awareness of how attackers approach the security mechanisms of the product

  • Learning and validating security development best practices by having active feedback from researchers

  • Gathering external expert opinions on the product’s feature-set, benefits and use-cases

The Bug Bounty program allows for a higher level of transparency between vendors and security researchers and helps the customer trust the claims made about the validity of the protections offered.

The event was a success. The participating researchers were required to submit Proof of Concepts, describing their methods.

Thanks to all of the researchers that participated. Our next bug bounty event will be taking place at the Hardwear.io security conference on September 26th and 27th in the Netherlands. 

 

We have compiled the results in a technical white paper.

 

Update: The results of our second bug bounty are in - check out our blog post and white paper to see the evolution of the Byos μGateway’s protection features.

 

awards_bugbounty.png

 

At the awards ceremony, the researchers explained their findings and gave their overall experience of the bounty.

Byos Bug Bounty #2 - Hardwear.io HardPWN 2019

What is a Bug Bounty Program?