info@whitehat.ng
+234 701 470 2008
@ngwhitehat

About Whitehat Nigeria


Pushing for Responsible Disclosure

Founded in 2020, Whitehat Nigeria is composed of Nigerian security researchers whose motivations are patriotism, professionalism, and profit making, and who intend to help reposition the cybersecurity posture of Nigeria by engaging in open security research of the nation’s cyberspace and reporting all sensitive findings to affected organizations. We hope to force all organizations to adopt a Vulnerability Disclosure Policy (VDP), which will help ensure that the attack surfaces available to the adversary are totally reduced. We believe that until VDP adoption increases, vulnerabilities will continue to remain unreported and breaches will continue at an accelerated rate, so we are pushing for a managed disclosure situation, which is preferable to one without control.

For our continuous operation, we will rely largely on the cooperation of organizations in all sectors, public and private, to join hands and collaborate with us on these great initiatives. Support from members of the general public will be appreciated as we embark on this journey.

We encourage organizations with digital assets to reach out to Whitehat Nigeria to discuss how they can get their VDP developed so that more vulnerabilities are reported: nearly 1 in 4 hackers have not reported a discovered vulnerability because the company didn’t have a channel to disclose it, according to the 2018 Hacker Report from HackerOne.

VDPs are intended to remedy that situation by giving finders clear directions on how to report a potential vulnerability, and giving your internal security team an easy means with which to receive such reports. They also help eliminate the potential business chaos should someone not know how to report a vulnerability and it winds up on social media.

The role of regulators such as NITDA and professional associations like CSEAN and NAIJASECFORCE is paramount for the success of this project. Let us join hands to push for responsible disclosure in Nigeria.

Our Interest

We constantly scrape the web in search of vulnerabilities that might exist on Nigeria’s ICT assets, report findings to the bodies affected, and offer solutions to the issues we discover. Our remediation services are subject to payment or other agreement that we might have with the affected entity.

We are true to ourselves, and commit to always perform at our best.

Frequently asked questions

There are just five key elements of a VDP, as listed below:

  • Promise: You state a clear, good faith commitment to customers and other stakeholders potentially impacted by security vulnerabilities.
  • Scope: You indicate what properties, products, and vulnerability types are covered.
  • Safe Harbor: Assures that the finder reporting in good faith will not be unduly penalized.
  • Process: The process finders use to report vulnerabilities.
  • Preferences: A living document that sets expectations for preferences and priorities regarding how reports will be evaluated.

The Surebet247 breach which opened the year would not have escalated so badly in the media if they had put in place a good breach and vulnerability disclosure policy. Like Surebet247, many other organizations in Nigeria are in the same position. Some open security researchers already have some of this information, which may be readily available to the adversary as well, but they are finding it difficult to report it to the affected organizations because there is no explicit guidance on how to go about it.

If you trust your abilities in the technical engagement we have highlighted and you are ready to be part of the Whitehat.NG Campaign, kindly send your CV to info@whitehat.ng, and we will get back to you within 3 days.

Researchers do not create vulnerabilities. The fact that one researcher does not disclose a vulnerability’s existence does not guarantee that another will not find it, or has not already found it. Finders may have reasons to want to disclose the vulnerability publicly.

If you see something, say something BUT Responsibly.