BUGLAB

carens (28)in #ico • 6 years ago

What is Buglab?
Buglab is a Ethereum-based platform that connects companies with a global network of expert cybersecurity researchers.

At the center of our ecosystem, there are two programs - the buglab contest and the Vigilante Protocol, which help companies around the world to discover and fix vulnerabilities in their digital solutions or assets.

What is a BGL Token?
Tokens on the Ethereum blockchain are digital assets stored in token contracts, in trust for a wallet address.

The Token buglab, identified as BGL, is based on the ERC20 standard for blockchain tokens.

BGL tokens are required for all transactions in the buglab ecosystem, from ordering contests to useful spots and whitehat.

Who is Buglab for?

Cybersecurity Market
The impact on Return on Investment (ROI) is difficult to measure, so it takes time for companies to recognize the need for cybersecurity services.

For all too many companies, as well as individuals with any digital assets on their website (including content), there are often violations of their systems before they take action to improve security

Meanwhile, victims of cyber attacks rarely advertise that they have been targeted, unless they have to, and data vulnerability is rarely the first priority because products are rushed to the market, so it is difficult, if not impossible, to get complete statistics on details of cyber attacks, including frequency they or their impact on ROI. However, one aspect is absolutely certain: the trend is clearly increasing, with some widely known geopolitical impacts.

CYBERSECURITY MARKET
A prominent case was the 2016 US presidential election campaign, when a massive email leak overshadowed the Democrats in July 2016. Senator Hillary Clinton's campaign was hit by large-scale cyber attacks that not only placed the Democratic party's general election in jeopardy, but also shaped the political future America. At that time, Reuters reported that "the computer network used by Democratic presidential candidate Hillary Clinton was hacked as part of a widespread cyber attack on Democratic political organizations." The article goes on to say that the attack "followed two other hacking in the Democratic National Committee, or DNC, and the party fundraising committee for candidates for the US House of Representatives."

Security Blockchain
The method offered by Buglab spreads expertise and smart contracts across the blockchain.
Blockchain is a thread of digital records in which various types of data are stored. Together, these distributed (or decentralized) recordings form a database similar to the ledger ledger pages. This virtual ledger is hosted on many servers, which helps verify and authenticate every transaction that is given. This is an intense numerical process, on many machines guided by countless participants, or miners. See also Benefits of Using Blockchain to Reform Pentesting.

Method of Combating Cybercrime
Traditional choices to combat cybercrime are not feasible for small businesses and organizations. The cost of the two general strategies outlined here is quickly becoming inaccessible to all large companies.

Penetration tests conducted by cyber security consulting companies:
Require clients to pay for services in terms of total hours that can be billed, regardless of test results. The majority of penetration tests conducted by consulting firms are carried out by one, maybe two pentesters. This means that clients can only utilize the methodology and skills of the two consultants.

Bounty Bug Challenge:
Information security researchers are paid on a per-vulnerability basis. Companies often end up being billed to fix problems that do not fully affect their income or customers. This is explained in more detail in the next section.

Buglab solution
The Buglab platform connects organizations that have information security needs, all of which are about them, with a community of certified cybersecurity penetration testers in an environment with incentives, where testers are rewarded when they find system vulnerabilities, ranking based on severity and potential impact. This is done as a race against time. Importantly, finding the unique vulnerabilities rated above only generates a list of issues.

Key Features Buglab Platform
The Buglab platform allows customers to use pentester masses or choose validated teams from known companies. The team must include no fewer than five pentesters.

Public Contest
Personal Contest
Selection Filter
Triage System
Report
Chat
Fix Companion
Managed client
Mediation
Leaderboard

Define the Terms
The list of potential use cases is long enough. Scenarios may include uncovering malicious SQL injection, which redirects the contents of the database to the hacker. A system may have authentication cut vulnerabilities. Sensitive company data may not be encrypted. File uploads may not be protected. User sessions can be subject to expropriation by malicious entities. Maybe the vulnerability is relatively straight forward: for example, a company might have an inadequate entry security. The Buglab strategy overcomes these and other vulnerabilities in a cost-effective way to deal with cybercrime and its impact on the client's bottom line

Real-Time Reporting
Client company staff participate in the current contest in real time to view reported reports of vulnerability and mitigation recommendations. They will have the means to communicate with the pentesters for follow up. This platform can also integrate with other reporting tools at the discretion of your company.

Contest
A client registers on the platform and provides information about him, including his products and services. Then, using a simple and user-friendly interface, it subscribes to a competition contract, choosing that rule.

Clients can adjust the confidentiality1 of the competition, the type of management they want, and the cost of the contest, which depends on the selected plan and optional bonuses. If necessary, the Buglab team will interact with customers to help them set program parameters.

Score Contest
After the contest is launched, the community of viewers registered with Buglab will be notified. Our international cybersecurity stage then analyzes, tests, and reports returns of solution vulnerability directly on the Buglab platform.

When the contest concludes, Buglab's role is limited to vulnerability and triage assessments using the General Vulnerability System 3 (CVSS3) standard described in the Vulnerability Timestamp. Pentesters are compensated according to their ranking in the contest.

Timestamp Vulnerability
The results of the penetration test contest depend on the Vulnerability Timestamp (VTS) corresponding to the exact moment when a vulnerability is reported.

You need to set a ranking system so that you can reward the best researchers based on their overall score and time. The overall score of the pentester for the contest equals the sum of all the scores they receive to expose the vulnerability. Scores for vulnerabilities are based on objective and measurable criteria, thanks to CVSS3.

For such cases, researchers get CVSS3 scores based on the speed with which they can uncover vulnerabilities. The first one has done so will receive full marks, and those who follow will see their score decrease according to their rank in time and the number of settlers who have found the same vulnerability

Companion Fix
At the Company level, Buglab will verify that the fix has been applied. Buglab will try to verify (exploit) the vulnerability again. When confirmed as fixed, the Buglab analyst team will update its status accordingly on the platform. A "fix" can be rejected by Buglab to give the company an opportunity to resolve the vulnerability again. Companies will be allocated up to five attempts to address vulnerability issues

Through the entire duration of the challenge, companies can chat with pentester and access reports, they will be able to apply recommendations to fix vulnerabilities in real time. This is particularly useful if vulnerabilities and related fixes are time-sensitive. Companies do not have to wait until the end of the contest to apply the improvements.

Service Level
For a fixed price, Buglab will arrange a penetration test conducted by experts approved by our team. Highlights of features with three levels of service are provided in the following table.

Vigilante Protocol

Computer Emergency Response Team
Our Smart Vigilante Contract Protocol enables confidential and secure sensitive information communications through the applicable national certified authority, the computer security incident response team (CSIRT), which is managed by many countries around the world.

In addition to notifying the company concerned about the vulnerability, CSIRT and Computer Emergency Response Teams (CERT) will have to do the triage and assess it. In return, once the company marks the vulnerability as resolved, the response team will be rewarded in a token out of the Vigilante Protocol Reserve, because the partnership is falsified with Buglab.

Establish Pentester Status
For whitehat to achieve pentester status and to be able to participate in various challenges, they must, when registering for the Buglab platform, fulfill two mandatory requirements, that is to provide ID plus at least one certification. Country of residence is optional. Accounts are only approved once those requirements have been validated.

Another way to achieve pentester status is by acting under the Vigilante Protocol to prove one's ability and willingness to participate in our preventive security program. After they have collected a total of 20 points, according to the CVSS3 scoring system, they will be able to receive status and take part in challenges.

The Buglab Token
The Buglab Token (BGL) is being introduced to provide penetration testing incentives in a blockchain environment. In the context of the Buglab experience, exchange tokens occur in the following scenario:

● To award prizes to contest winners - up to the top three rankings, or adjusted by clients.
● To cover the cost of the contest, including transaction fees.
● To activate and tokenize the "tipping" functionality for white caps.
● To finance VPR and BTR.
● To reward CERTs and CSIRT for sorting out vulnerabilities and helping to build new partnerships.

TOKEN DISTRIBUTION