Similar to the physical world, in the digital world, too, security is the most vital and distinctive factor in an organization’s long-term success and failure. Many organizations treating cybersecurity as an afterthought have learned their lessons.
Highly invested, these organizations find themselves vulnerable after adopting standard cyber-protection tools offered by almost all the cyber-protection solutions providers. It is because they are guided to believe that protection and security are one and the same thing. It is simply not the case.
While many people use the two words interchangeably, protection means stopping external threats from their unauthorized entry into the system to manipulate, steal, or corrupt users’ data, programs, and applications. While on the other hand, security means making the Operating System invincible from the inside. Securing the heart of any Operating System is a niche segment, and only a few companies like Bugsmirror Research Private Limited have done that successfully.
According to Aman Pandey, Founder and CEO of Bugsmirror, they have enabled research-based systematic product security evaluation to redefine OS Level Security. He furthers that Bugsmirror is a self-sustained and flourishing startup recognized by leading tech companies like Google and Samsung.
Aman and his team work in the field of Operating System level research and development, where they discern all types of security vulnerabilities using their in-house designed and developed algorithms and applications. Bugsmirror’s experienced engineers have performed numerous security audits of Android, iOS & Flutter applications, SDKs, software, products, etc., and suggested ground-breaking changes from the architectural level to the top level.
Aman informs, “We offer solutions to fix security vulnerabilities for national & international MNCs & startups across diverse sectors like IT, Fintech, Healthcare, etc., as well as reputed government organizations. We assist businesses in safeguarding their critical data.”
Aman, a B. Tech graduate from NIT Bhopal, had a clear vision to start Bugsmirror in 2019. He started working towards it with a small team while studying in college. It so happened that during his college days, he worked on an SOS app to prevent ragging and discovered a security bug in the Android OS that attackers could exploit to find a person’s location without the person’s consent.
Aman realized the importance of fixing that security vulnerability and reported it to Google. Google rewarded him for discovering the bug. It inspired him to find more security bugs, and he realized it had huge potential as a business. Hence, Aman built a team and started providing research-based security solutions to companies to make their products more secure. In 2021, he officially founded and began Bugsmirror Research Private Limited.
Moreover, the Bugsmirror team has been the world’s top contributor to Google’s Android Vulnerability Reward Program for two consecutive years: 2021 and 2022. Aman shares, “In 2021, we had submitted 232 security vulnerabilities, and in 2022, we had submitted 200+ security vulnerabilities to the program. We were also the world’s leading contributor towards finding security vulnerabilities in the Android 13 OS. We had reported 49 security bugs in Android 13, which was 400% more than the second highest contributor.” Google has acknowledged Bugsmirror’s contributions to Android security as crucial and has mentioned them in its security blogs.
The highlights of his exclusive interview with Insights Success are given ahead.
Aman, please describe Bugsmirror in detail.
Bugsmirror Research Private Limited is a security services company that works in the field of Operating System level security. Through our research and development, we discern all types of security vulnerabilities using our in-house developed tools and applications to assist businesses in safeguarding their critical data. Our team of experienced engineers works persistently to find solutions to detect security vulnerabilities precisely, effectively, and rapidly.
We perform security audits of Android, iOS, and Flutter applications, SDKs, software, products, etc., and suggest ground-breaking changes from the architectural level to the top level. We offer solutions to fix security vulnerabilities for national & international MNCs & startups across diverse sectors like IT, Fintech, Healthcare, etc., as well as government organizations.
What USPs highlight Bugsmirror as a leading name in Cyber Threat Solution Industry?
Our USPs are:
~We are a research-based security services company, and our team dives deep into the product and finds vulnerabilities that other companies cannot easily find. Unlike managed security services companies, we are an amalgamation of manual + automation techniques based on our research, i.e., a step ahead of managed security services. Our approach to security is different, as we focus more on preventing security vulnerabilities at the root level and providing the best cures (solutions) to fix those vulnerabilities.
~Our team has been closely working with Google’s Android security team for the past four years. We are aware of intricate security vulnerabilities present in the Android OS, which might not be fixed soon. Even if a company fixes security vulnerabilities in its products, they could still be compromised using vulnerabilities in the Android OS. We personally guide companies’ development teams to write code so that the security vulnerabilities in Android OS will not weaken the security of the companies’ products.
~Using our security research, we have discovered new bug types and collected immense data on various bug types, enabling us to better secure our clients’ products than any other managed security services company.
~We help our clients to secure their products from not only existing but also future security vulnerabilities.
~We also provide companies with solutions to implement advanced security concepts in their products that are hard to implement as they require deep knowledge about the Operating System, which we have gained through our years of experience. The concepts ensure end-to-end security.
What are the immersive benefits of the services/solutions that you provide to your clients?
Any client associating with us will benefit from collaborating with the world’s leading research-based security organization. Our team of security experts will provide world-class security solutions to fulfil all the requirements of our clients. We focus on constant research & innovation to provide our clients with the best solutions to improve product security that not only solve their current security issues but also assure them of not having security issues in the long term.
What were the initial challenges after venturing into Cyber Threat Solutions, and what are the challenges now?
Initial challenges:
~We worked in the field of Operating System level security threats and solutions, which was a new domain in the security market, and very few people knew about it.
~There were a limited number of clients who understood the niche and required our services.
~Due to our lack of experience, it took us time to understand the client’s security problems and provide them with the needed solutions.
Present challenges:
~To increase the number of security researchers in our team who can help us find security vulnerabilities more efficiently and quickly.
~There is a lack of understanding about the significance of our work in the Indian market compared to foreign markets. Most Indian companies still don’t realize that the security of Operating Systems is necessary to make their products more secure.
~IT rules and regulations on data privacy, security, etc., in India are not as advanced and strict as their foreign counterparts. It limits the scope and need for security services companies in India.
Being an experienced leader, share your opinion on how Cyber Threat Solution is crucial today and what advancements can we expect in the future.
We believe the next World War might occur because of data security and privacy issues. To avoid that, it is necessary to make the digital world more secure. Most of our sensitive data is stored in our smartphones (about 97% are Android devices). Hence, it is of prime importance to rectify all the security vulnerabilities in the Android Operating System and applications that run on Android OS. It is also crucial to address and fix security issues in the cyber world.
In the future, we expect that most companies will focus on security from the start of the development cycle and build more secure products. We also hope the Indian government makes stricter laws related to data privacy and security and gives them more importance.
What would be your advice to the aspirants willing to venture into the Cyber Threat Solution services field?
To venture into the field of Cyber Threat Solution services, you should first understand the basics of software product development. Through continuous learning, you can master development and understand how security aspects are neglected during development. You can then identify the gaps in security and implement security aspects right from the initial stage of product development.