Bug Bounty Program pays off for cybersecurity at Virginia Tech
Not all hackers are up to no good. In fact, one of the most effective ways to prevent a security breach is to test cybersecurity defenses in much the same way a hacker would, by looking for vulnerabilities in your infrastructure. The main difference, of course, is that instead of exploiting vulnerabilities, you repair them.
In the cybersecurity world, this technique is called “red teaming.” It’s also the idea behind the new Virginia Tech Bug Bounty Program, which gives students and employees the opportunity to play hacker and earn cash rewards for identifying any vulnerabilities, or “bugs,” in specific university-owned domains.
Launched in March 2021, the Bug Bounty program is helping the IT Security Office (ITSO) expand the university’s cybersecurity efforts while engaging the Virginia Tech community.
“Cybersecurity at Virginia Tech has historically focused on defense capabilities [a.k.a. ‘blue teaming’], such as monitoring outbound traffic and encrypting sensitive data,” explained Brad Tilley, director of security architecture for the ITSO. “Red teaming plays offense to the blue team’s defense, taking a more active approach to cybersecurity by seeking out and flagging potential vulnerabilities before bad actors have a chance to exploit them.” Used in tandem, blue teaming and red teaming offer the best chance of maintaining secure systems and minimizing damage from external and internal threats.
However, scouring code for vulnerabilities can be a time-consuming process, even for the most skilled security analysts, and the ITSO red team staff is relatively small. “We realized that in order to grow our offensive capabilities given our resource constraints, we needed to look outside our own office,” Tilley said.
And what better place to look than right outside their office window?
“Virginia Tech has a huge and…