By Nayak Paudel
Kathmandu, Mar. 18: These days, social media are inundated with stories of Nepali youths discovering security bugs in internet-based digital platforms and receiving bounty in return.
In October 2020, Routine of Nepal Banda (RONB), a Facebook-based platform, posted a story of Prava Basnet. She is one among the growing number of Nepali Bug Bounty Hunters who spot security flaws in the software coding that underpins such platforms.
Basnet had discovered two security bugs in the Facebook code, for which the social media giant awarded her US$ 3,000. As per RONB’s post, she was inspired by earlier posts about other Nepali bug hunters which were widely shared on social media.
Her achievement inspired many others. On February 13 this year, RONB posted a story of 18-year-old Prajwol Dhungana from Palpa. He, too, had received US$ 500 for finding a security bug in the Facebook code.
Dhungana stated that he was inspired by Basnet’s story which he saw on the social media.
Finding security bugs in digital platforms helps their owners to eliminate a threat stemming from the potential data breach. Companies provide a legal platform for ethical hackers to look into their network and report such vulnerable points.
While aspiring Nepali ethical hackers had to go for international digital platforms to hunt for bugs, a home-grown platform called Bugv, has also been brought into operation since last week in Nepal in an effort to expand the stage for Nepali youths. Ethical hackers and companies – both Nepali and foreign – can connect to it to cement their cyber securities.
“Nepal has seen exponential growth in digital platforms, which require robust security at various levels to defend themselves against hackers. And to achieve that goal, there must not be any security-related bugs, which pose grave threats to such platforms, so they must be identified before they are eliminated,” Naresh Lamgade, founder of Bugv, told The Rising Nepal.
Around 800 ethical hackers and several Nepali companies have registered with Bugv to allow ethical hackers to find bugs, eliminate them and assure improved security to date.
Data breach of companies, both government-owned and private ones, is a growing menace in Nepal. And the country lacks sufficient skilled manpower to tame the threat. Almost all businesses, including startups, have their presence in digital platforms, but most are incapable of finding the bugs on their own. So they have no option but to pay foreign-based companies to have these flaws corrected.
However, Bugv is filling that void by providing much-needed network-related services, including finding the bugs.
T-teet, a new ride-sharing company based in Nepal, is one such firm. According to Lamgade, T-teet received many reports on security bugs and it is now eliminating them.
“Finding security bugs in digital platforms of foreign companies is lucrative as they pay far more than home-based ones. That said, finding bug in latter is enjoyable. It is like lending a help to another Nepali so that they can spot their loopholes and operate smoothly,” said Bishwodeep Tamang, a 22-year-old Islington College graduate who is associated with Bugv and is among a few Nepali ethical hackers.
“Nepali youths are increasingly gravitating towards this sector. Though there is a dearth of home-grown cyber security experts, change is on the horizon,” Tamang added.
“Our main motive is to enable Nepali companies to make their digital platforms robust at an affordable rate,” said Lamgade.