Interview with BugsBounty.com founder Himanshu Sharma

We had a chance to interview Himanshu Sharma, Founder of BugsBounty.com he has found security bugs in Top organizations including Google, Facebook and Apple etc.

How did you get interest in information security field? 
    When I was in school, I had interest in computers. Physics, mathematics went over my head – Computer was only one thing, which I could understand.  From this time I started playing around with computers, breaking it, fixing it.  One day my blog got hacked, I did not get angry at the Hacker.  Instead, i was very fascinated and curious how they did it.  After that incident, i started to do research in this field.

Can you tell us about your company?
    BugsBounty basically is providing crowd sourced security. We have public and private programs.  We have many opportunities if compare with another companies. As we know, not all companies, especially in India, are ready to allow anyone do testing. They believe it is risky.  In this case, we can offer to this companies  “crowd simulation”.
   
    Crowd simulation – We have internal team, top hackers who we chosen from the crowd, we call them – “crowd hackers”, they will simulate the crowd.  So, for example, if we have a crowd about 10000 peoples, we will choose top 200 who are performing well. Currently, we have about 30 chosen hackers.  “Crowd Simulation” is one of the thing that gives advantages over other companies.
   
    We have raised about 5 Millions from LLoyds ventures.

Is this company unique to India ?
    Yes. It was very difficult and so risky to open company like this. Not everybody have brave to do it. In our company the confidence is the important thing. We need trust each other. We know everything about every singe people, who is working for us in a private team.

    I might add, that we need accept the fact that crowd security is the best form of security, which can get. Moreover, Pentagon accepted it already.
   
How did you come up with the idea?
    One day i realized that i need to show Indian companies that security is very important thing.  We suggested use crowd security. We are not a typical VAPT company!  I believe 1000 brains are better than 10.

What do yo think about the bug bounty market in India?
    Actually, people now are more opening up. We have 92 clients, most from India – It’s very huge.
   
Do you think Indian corporates have enough security?
    Indian corporates have enough security.  However, there will be some hidden security bugs that needs to be found and addressed.

Leave a Reply