IIT-Guwahati launches Bug Bounty program aimed at enhancing their cybersecurity

The Indian Institute of Technology, Guwahati, is offering a bounty for ethical hackers to enhance its cybersecurity through a programme called ‘Bug Bounty’. In the programme, white hat hackers use their skills to test and expose cyber vulnerabilities of protected systems and networks of the institute, before black hat hackers (malicious hackers) can exploit them. “This will help improve security within IIT Guwahati’s network and its websites,” K. Mohan Sai Krishna, a fourth year B-Tech Computer Science and Engineering student and the brain behind the initiative, told IANS. IIT-Guwahati’s Facebook page says this is a first of its kind initiative in the country (in terms of educational institutes). Launched on June 30, the programme is an experimental program focusing on improving the security within IIT Guwahati’s network. The initial bounty is an appreciation of the bug-hunter in the ‘Hall of Fame’ page. The introductory phase is meant for the institute’s students and faculty but it will be rolled-out for the ethical hackers across the world to participate. Of the clutch of rules and restrictions of the project, one forbids hackers from “publicly disclosing any vulnerabilities before they have been completely resolved”. “Soon after the program was released we got seven reports in two days, three of which are high priority ones and four of them are low priority ones,” said Krishna, whose core interest lies in information security and has earlier helped companies like Microsoft to secure their websites. “I noticed some flaws in IIT-Guwahati website and informed the concerned people. One more thing which fuelled this idea was that most of the times when some Indian government websites were hacked by some Pakistani hackers or someone else you could hear many Indian hackers saying ‘I reported about this vulnerability long ago, nobody patched it’,” he said. “The idea is that with the success of this programme in IIT-Guwahati, other IITs and government bodies might also start something similar and in the end it should contribute in making Indian cyberspace more secure,” he said, acknowledging the institute’s Computer Centre for seeing the merits of the programme and taking it up. Massachusetts Institute of Technology (MIT) in the US has its own bug-hunting project.