In response to the rising cybersecurity threats in the Philippines, Secuna, the first and the only crowdsourced cybersecurity testing platform in the country, is offering its community of security researchers to provide free bug bounty and vulnerability disclosure programs to help the government agencies and private organizations better their security capabilities.
“Governments and non-governmental organizations can run vulnerability disclosure programs (VDP) through the Secuna platform for free. They can also run bug bounty programs (BBP) for free, with no platform subscription, if they want to incentivize security researchers for reporting a valid bug,” said AJ Dumanhug, CEO of Secuna.
A VDP is a structured method for third parties, researchers, and ethical hackers to report vulnerabilities easily. The program provides a straightforward method to communicate findings and to show customers and investors that they take security seriously. It gives organizations a chance to develop a patch and disclose the issue once a solution is ready. This approach follows the international standard ISO/IEC 29147:2014 for vulnerability disclosure.
Ethical hackers disclose vulnerabilities for both VDP and bounty programs. The key difference is that bug bounty programs include rewards or incentives to encourage cybersecurity professionals with a wide range of skill sets and experiences to find, identify, and report potential vulnerabilities.
In BBP, no money changes hands until the vulnerability is validated and determined to be compliant with the terms specified on the policy page of the program, and the payout is based on the severity of the reported vulnerability. Bug bounty programs can either be open or private.
While bug bounty and vulnerability disclosure programs are already standard security procedures in the private sector, there’s still much work to be done to strengthen the country’s defenses against the proliferation of malicious cyber-attacks and data breaches that could lead to national risks.
The website of Secuna outlines the broad set of its features and provides guides and other resources for putting these free cybersecurity tools to best use. Secuna encourages government agencies and SMEs to contact them to assess and help them implement the best cybersecurity practices.
“They only need to set up a policy on our platform which contains rules, a target list, and a list of acceptable vulnerabilities. Then they will launch their VDP or BBP so that the vetted community of researchers in our platform can start looking for vulnerabilities and report them accordingly. These are free trial services and have no limits,” said Dumanhug.
AMPLIFYING CYBERSECURITY AWARENESS AND READINESS
Six years after the country’s cybersecurity framework was launched, the country remains at Level 1, meaning “no standardized processes are in place”, in terms of awareness and communication, and cybersecurity skills and expertise.
Moreover, the COVID-19 pandemic has aided in increasing reliance on digital channels, and it has also attracted bad actors as online scams have increased.
Just last year, the Philippines ranked fourth in Kaspersky’s global ranking of countries most targeted by web threats.
Dumanhug warned that cyberattacks are expected to become more complex in a few years.
“We have to act quickly by implementing programs that are already available to us. Cyber attackers are now using new technologies like artificial intelligence that’s why private organizations, SMEs, and the National Government should also take advantage of the technologies we have to keep up with the attackers,” he noted.