Crowdfense hosts bug bounty challenge at HITB+CyberWeek
Crowdfense seeks to normalise the procurement of zero-days for Governments
Crowdfense has designed and launched the first edition of Driven2Pwn, a bug bounty challenge which is part of the 2019 HITB+CyberWeek conference in Abu Dhabi.
Driven2Pwn brings together offensive and defensive security researchers under one single programmatic challenge with common rules.
“Driven2pwn is an important step in our efforts to normalise and streamline the zero day procurement process for Government customers”, said Andrea Zapparoli Manzoni, director of Crowdfense. “We are glad to see that major vendor companies who have long shied away from the offensive zero day market are joining the event. The truth is that the market exists, is growing exponentially, is under-regulated and needs better standards, practices and protocols. The whole vulnerability research community needs to gather and discuss these issues openly, with a fresh approach and without prejudices. This new event is an important step forward.”
Crowdfense has a creative approach to the Driven2Pwn bug bounty event. When exclusively buying an exploit at the event, the company will introduce a “conditional disclosure” clause in its contract, which allows both the researcher and the company to disclose the bug to the relevant vendor after a certain period, either publicly or privately.
“The main aim of Driven2Pwn is to create a single destination for the best bug bounty hunters to gather, to move the industry’s focus away from single exploits to instead focus on classes of bugs while at the same time benefiting the larger security research community by open sourcing key findings, code and methods”, said Dhillon Kannabhiran, HITB’s Founder and CEO.