EghtesadOnline: A new startup introducing a bug bounty platform and tapping Iranian white hat hackers' potential is addressing the cybersecurity concerns that have beleaguered the booming web-based businesses in the country.
Kolah Sefid (literally 'white hat') is the first national platform for the competitive debugger community.
Cybersecurity is a key component of the digital era. With online businesses growing at an exponential rate, the old-school approach of outsourcing maintenance of a digital service's security seems not only costly but also insufficient.
According to its website, Kolah Sefid has been launched to address the issue and to hopefully yield more favorable results in the given field. Furthermore, the startup enables white hat hackers to earn a living by employing their hard-earned skills, Financial Tribune reported.
The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
White hat hackers, who are also called ethical hackers, actually aim to improve security, finding security holes and notifying the victim so they have an opportunity to fix them before a less-scrupulous hacker exploits them.
Certified by a cybersecurity agency affiliated with the Presidential Office, the online platform intends to detect the defects and vulnerabilities of websites, software programs and smartphone applications.
Kolah Sefid Contests
According to Kolah Sefid's official website, two main groups may sign up on the website: first, firms and independent developers interested in putting their platforms up for evaluation; second, security specialists capable of running tests to find possible defects.
The contests held on the Kolah Sefid website welcome white hat hackers from all around the country to take part in processes that entail debugging registered platforms.
Each bug detected by specialists will be evaluated by experts who work for Kolah Sefid and, if verified, will earn the hacker the prize determined by the hiring entity.
Entities that want to have their website or software debugged are required to pay a commission fee to Kolah Sefid as well, which is typically not a large sum.
Kolah Sefid on its website further states that both hackers' and customers' data are considered confidential and the firm will not share the information with unauthorized entities.
What makes Kolah Sefid stand out among the rest of the debugging platforms is its policy of not making the customer pay non-refundable fees up front for services not yet delivered, whereas in the case of most similar companies, such facilities are rarely delivered.
For instance, the software in question may reportedly come out clean after the tests, whereas a couple of vulnerable areas have been overlooked, defects that may be capable of harming the whole system. Kolah Sefid will reimburse clients who have not received proper service.
Moreover, on some occasions, debuggers do not dedicate the required time and energy to a given project, hence yielding inaccurate results.
Kolah Sefid's use of collective rather than individual imperfect knowledge makes it unique. Through Kolah Sefid, several hackers separately work on debugging a single platform, which ensures that the results are sounder.
Kolah Sefid is supported by Iran's Computer Emergency Response Team Coordination Center (CERTCC) and Amir Kabir University of Technology's Computer Emergency Response Team.
Kolah Sefid has worked on various cases of intrusion detection systems, security evaluation as well as debugging.
Two projects involved judiciary-affiliated systems, resulting in the detection of a total of 23 bugs and the collection of 80 million rials ($1,904) in awards for the hackers.
Sigma.ir, an IT infrastructure development company, paid 60 million rials ($1,428) in rewards for one vulnerable spot found on its platform.
The electronic mail service dubbed Chaapaar also granted a 50 million rial ($1,190) prize to the white hat hacker detecting a single defect in its code.
It merits mention that Kolah Sefid once put its own website up for evaluation, resulting in the detection of four verified bugs, and paying 60 million rials ($1,428) in rewards.