Bug Bounty – Bug-tracking hackers or bounty hunter 2.0

Hear the term "bounty hunter" and we automatically think of the Wild West – catchphrases like "Dead or Alive!" familiar from movies such as Django Unchained or For a Few Dollars More. Bounty hunters are something we associate with fiction – or at the very least a relic from a bygone era. But it turns out the bounty system is experiencing something of a digital renaissance, and is now gaining a foothold in Switzerland too.

Let's start by setting the scene. In our increasingly interconnected world with its array of rapidly evolving digital technologies, the risk of security vulnerabilities is growing significantly. Deploying a new app, migrating to cloud services, upgrading an online store – every interface with the internet is a potential gateway for intruders. This is especially true when new updates are released regularly, software is continuously upgraded, and users are involved at an ever earlier stage.

And this is where the bounty system comes in. Only the bounty is no longer on heads but on bugs – software errors, in other words. Bounty hunters 2.0 are the hackers, the digital tinkerers, who use their skills to identify gaps in the security system of a particular interface. Bug bounty platforms match companies with "ethical hackers" (also known as penetration testers or white hats), who search for bugs in the companies' software while complying with a pre-agreed set of rules. "The badder they are, the bigger the reward," says bounty hunter Dr. King Schultz in Django Unchained, explaining the mechanisms of his trade.

It's a similar system in the virtual world: the more serious the security gap an ethical hacker discovers, the more generous the bounty he or she receives. Tech giants like Facebook, Google, and Uber have long deployed whole armies of hackers to check their systems for vulnerabilities. And bug bounty platforms are a vital link in the chain.

In Switzerland, too, big-name companies work with international players to improve their applications and systems and make them more secure, all with the help of bug bounty programs. For many small and medium-sized businesses facing similar challenges, however, the obstacles are too great. The legal arrangements alone can be off-putting.

Bug Bounty platform based in Switzerland

Bug Bounty Hub aims to address this. As a bug bounty platform with its own community based in Switzerland, the Zurich startup enables clients to set up bug bounty programs that comply with Swiss law while clearly defining which people they want to work with. Moreover, Swiss companies get to deal with partners in Zurich, rather than in California, Paris, or Moscow.

"There's a lot of interest in bug bounty programs in Switzerland, but many companies are afraid of being hacked. If something goes wrong, their whole production could come to a standstill," says co-founder and security expert Rolf Wagner. He understands the issues only too well, which is why the company offers its clients comprehensive advice and agrees clear rules with them as to which interfaces will be tested and how. "To start with, we would recommend a private bug bounty program, for example, in which only ethical hackers who are subject to Swiss law are eligible to take part," Wagner explains.

Unlike international platforms, Bug Bounty Hub offers Swiss businesses not only legal certainty but also specific knowledge of the Swiss security market. The firm's founders are experienced professionals with an extensive network of contacts, both in Switzerland and abroad. Bug bounties in Switzerland have never been easier. So why hesitate any longer? Get the hackers working for you!