Harvard University has recently recognized Shdeed Nawaf al-Mutairi, a bug bounty hunter from Saudi Arabia, for reporting one of its tech vulnerabilities last month, according to a letter from the university’s chief information security officer.
“HUIT Information Security would like to thank Shdeed for responsibly reporting Insecure Direct Object Reference along with instructions for reproducing the problem. Harvard appreciates responsible reporting of information security issues impacting our systems and networks,” read the letter dated January 14 and signed by HUIT’s Chief Information Security Officer Christian Hamer.
Bug bounty hunter is a term usually used for individuals highly skilled in ethical tech hacking. Many websites and organizations recognize and compensate bug bounty hunters for reporting bugs, especially those related to tech security vulnerabilities.
In an interview with Al Arabiya last July, al-Mutairi said bug bounty hunting first started as a hobby of discovering software vulnerabilities on his own, before he realized that programs, websites and organizations recognize individuals with his talent.
“In 2012 I was playing a game I remember and at the beginning, that game was exposed to a state of penetration, so it was the first time I heard of the term itself. I wanted to enter the field more and began to learn about cybersecurity, and through my journey in cybersecurity, the bug bounty programs allowed me to prove my talent. Praise be to God, I’ve managed to find more than 50 vulnerabilities and among those included finding one from a very large company through which I received a reward and honor in 2020,” al-Mutairi said.
Al-Mutairi is one of 8,000 Saudi Arabian men and women who have honed their cybersecurity skills at the Saudi Federation for Cyber Security and Programming, which was established in 2017.
“The so-called Bug Bounty is an existing global idea that consists of two main parts. The first is security researchers or what we call ethical hackers. They are researchers who have capabilities in cybersecurity who can discover software vulnerabilities in websites. The other part are government and private agencies who have technical programs. Whether from websites or mobile applications, they like to discover the software bugs in them and fix them before they leak and cost them huge sums of money,” Khalid al-Sulaim, a Senior Business Development Officer at the Saudi Federation for Cyber Security and Programming, told Al Arabiya.
In Saudi Arabia, more than 300 governmental and private entities have so far joined the bug bounty hunter program, which has monitored more than 3,500 bug reports as of last summer.