ETHICAL HACKING: Uganda Bankers Association endorses Bug Bounty Program
The discussion of the initiative comes as the world marks October Cyber Security Month, which also coincides with new reports of cash thefts at commercial banks.
The Uganda Bankers Association (UBA) has endorsed the Bug Bounty Program as part of efforts to improve the security of the financial industry against cybercrimes.
A bug bounty program offers monetary rewards to ethical hackers who uncover and document vulnerabilities for application developers.
Lydia Anabo, a Security Analyst at Milima Security, says that if the program is embraced by the financial industry and other cyber technology users or app developers, it will go a long way in improving safety and security.
Anabo explained that “bug bounty programs are essentially reward-based initiatives, with the rewards determined by what you have done or achieved as a bug bounty hunter, or a professional or ethical hacker.”
She added that these rewards are dependent on finding vulnerabilities in a company’s systems that are exploitable.
“Bug bounty rewards can be monetary or non-monetary. In cyber security, bug bounty programs are essential and are the reason why companies often engage experts to assess their systems for vulnerabilities,” she added.
Experts say these vulnerabilities are used, and penetration testing is conducted, to assess system security.
There are concerns about whether ethical hackers are themselves a threat, since they have the ability to penetrate the systems to their advantage during the vulnerability assessment exercise.
However, experts say that ethical hackers rely on the trust they gain from their clients to exist and therefore have to protect it.
Daniel Nsumba, a Security Operations Analyst at Sec-Ops in South Africa, said, “Before we embark on the task, an agreement is made between the hacker and the company detailing the scope of the work and that whatever is found must be reported.”
He added that reporting non-critical vulnerabilities may result in no or minor rewards.
Emmanuel Chagara, the Chief Executive Officer at Milima Cyber Security, said that with virtually all sectors becoming digitalized, their operations are also becoming more vulnerable to cybercriminals, hence the importance of the professional hacking community and programs like bug bounties.