Secuna, a crowdsourced cybersecurity testing platform in the Philippines, is offering free bug bounty and vulnerability disclosure programs, backed by its community of security researchers, to help government agencies and private organizations improve their security capabilities.
“Governments and non-governmental organizations can run vulnerability disclosure programs (VDP) through the Secuna platform for free,” said AJ Dumanhug, CEO of Secuna. “They can also run bug bounty programs (BBP) for free, with no platform subscription, if they want to incentivize security researchers for reporting a valid bug.”
A VDP is a structured method for third parties, researchers, and ethical hackers to report vulnerabilities easily. The program gives reporters a straightforward way to communicate findings and lets the organization show customers and investors that it takes security seriously. It also gives the organization a chance to develop a patch and disclose the issue once a solution is ready. This approach follows the international standard ISO/IEC 29147:2014 for vulnerability disclosure.
Ethical hackers disclose vulnerabilities for both VDP and bounty programs. The key difference is that bug bounty programs include rewards or incentives to encourage cybersecurity professionals with a wide range of skill sets and experiences to find, identify, and report potential vulnerabilities.
In a BBP, no money changes hands until the vulnerability is validated and determined to be compliant with the terms specified on the policy page of the program, and the payout is based on the severity of the reported vulnerability. Bug bounty programs can be either open or private.
While bug bounty and vulnerability disclosure programs are already standard security procedures in the private sector, there’s still much work to be done to strengthen the country’s defenses against the proliferation of malicious cyber-attacks and data breaches that could lead to national risks.
Secuna outlines its set of features and provides guides and other resources for putting these free cybersecurity tools to best use. It encourages government agencies and SMEs to contact the company, which can assess and help them implement the best cybersecurity practices.
“They only need to set up a policy on our platform which contains rules, a target list, and a list of acceptable vulnerabilities. Then they will launch their VDP or BBP so that the vetted community of researchers in our platform can start looking for vulnerabilities and report them accordingly. These are free trial services and have no limits,” said Dumanhug.