Analyzing cryptographic vulnerabilities on bug bounty platforms
Cryptographic algorithms are designed to halt adversaries from stealing or disclosing classified information.
Such algorithms are either FIPS-approved or NIST-recommended and have been analyzed extensively to ensure that they provide adequate security.
However, a large number of studies in the broader literature have examined weaknesses in such algorithms as well as why developer performance is poor in this area.
Companies often are unable to verify the security of their software, owing to a lack of security experts at the workplace. A recent trend in order to assess the security of software in some high-tech companies is to ask for technical help from external experts. For example, HackerOne is a vulnerability coordination and bug bounty platform that links companies with penetration testers and security experts. Such experts are paid by the requester based on the severity of the discovered bug. The strong motive behind the idea of such platforms encourages hackers to earn money by helping companies and renders businesses more resistant to cyber-attacks.
This seminar project aims to identify and analyze cryptographic vulnerabilities from two datasets, extracted from bug bounty platforms. We are interested in investigating the underlying causes of cryptographic vulnerabilities in the two datasets.