We most likely do not need to explain to you how important it is that your company is as protected and secured as possible, both online and offline. Over the coming weeks we will explain which resources we provide, how this contributes to the safety of your company, and what you can do yourself to protect your organization. In this first blog of the series, we will explain the Bug Bounty Program which we have set up and implemented over the last year.
A bug what? I’ll explain that to you in detail.
With a Bug Bounty Program, software is ethically hacked. When something is hacked, it means that your software is broken into to gain access to or steal sensitive information, or to disrupt your software. Ethical hacking is in principle the same as ‘normal’ hacking. There is one significant difference between ‘normal’ and ethical hacking: ethical hackers do not wish to cause any harm. Ethical hackers hack to help rather than to cause damage.
With our Bug Bounty Program, we invited ethical hacking experts to discover weak points in the security of the Freedom platform and our website. We did this through the Intigriti platform. Every bug that was discovered was either financially compensated or, depending on the severity of the ethical hacker’s findings, given an honorable mention. The Bounty in this program sadly isn’t related to the yummy chocolate bar. 😉
The Freedom platform was of course already safe and reliable. However, to make it even safer, we found it valuable to use the wisdom of the crowd, because two brains are better than one. The Bug Bounty Program ensures that potential vulnerabilities are detected early on. By fixing these bugs as soon as possible, we prevent breaches by hackers with unethical intentions. This is good news for you and your company, enabling you to make use of Voys’ telephony products without having to worry.
And don’t worry: we created a separate space in Freedom where the ethical hackers could do their best to discover the bugs, without interference on your telephone platform.
You now know how the Bug Bounty Program works and why we implemented it. But what have we actually learned from this?
The Bug Bounty Hunters found several bugs. Naturally, we took these seriously and addressed them immediately. The telephone system was never in any danger throughout this process. Through the discovery of the bugs, Freedom has become even safer than it already was.
This way you can confidently focus on your business and make use of the telephone system Freedom without worrying.
We will not bother you with all the technical outcomes of the Bug Bounty Program but we would like to share some general learnings with you.
Our developers (and the rest of the organization) are even more alert to potential vulnerabilities and to tracking them down.
We use various tools that make the most frequent vulnerabilities visible immediately after new code is written. Developers can then rewrite and fix the code right away, before it goes live.
Reviewing each other’s code was already common practice in our development process. This process was further refined as a result of the program.
The reports that came in were first assessed by Intigriti, which filtered out irrelevant reports and allowed us to focus on the valid bugs. Regardless of which platform you choose to set up your Bug Bounty Program, we strongly recommend reviewing all incoming reports.
Besides being able to identify and solve the bugs, we also learned a lot from the process as an organization. This way we make it even more difficult for hackers to gain access to your telephone platform.
Do you develop or deliver software to your customers? Or do you want to make your website even more secure? Then we recommend that you spend some time researching whether a Bug Bounty Program is valuable for you. Here are the benefits:
A group of security experts makes your software safer by searching for weak points in your code. Your platform will thus be secured through an advanced method using the latest technologies.
Your code is tested continuously, constantly securing your software and making it resilient against (new) threats.
Any possible weaknesses are detected early on. By acting proactively you avoid potential problems. Customer happiness increases when they can use your product without any issues occurring.
With a Bug Bounty Program, you show commitment to proactively address possible security issues, so that you can solve them quickly and efficiently. This way you create trust between you and your customers.
By publicly inviting people to hack your software, you show that you are transparent and that you value security highly.
As Johan Cruyff would say: Every advantage has a disadvantage. And setting up a Bug Bounty Program is no exception. It costs time and money to set it up and implement it. Our advice is to carefully consider both the advantages and potential drawbacks for both yourself and your business before you look into a platform to set up a Bug Bounty Program.
Proactively looking for bugs within your platform is good news for your company’s security. You ensure that any weaknesses are detected early and can be fixed. At Voys, we ensured that it has become even more challenging for hackers to breach our Freedom platform by implementing the Bug Bounty Program. Do you have questions regarding this topic, are you curious about our approach, or are you considering setting up a Bug Bounty Program? Do not hesitate to contact us at firstname.lastname@example.org.
By the way, we have recently made the Bug Bounty Program accessible to the public, allowing everyone to become a Bug Bounty Hunter. If you have hacking knowledge and enjoy testing our telephone platform for potential vulnerabilities, we invite you to explore ethical hacking of our Freedom platform. Good luck!