Buglab

Cybersecurity Penetration Testing on the Ethereum Blockchain

About Buglab

Buglab is a platform that assists users and organizations by identifying potential cybersecurity issues. Buglab connects security experts or cybersecurity penetration testers with enterprise clients that have information security needs. The platform will also incorporate what the company calls the “Vigilante Protocol”, where whitehat researchers are able to report system vulnerabilities that they were not hired to find (in order to gain recognition and potentially obtain points). A whitehat researcher can become a penetration tester (pentester) and take part in challenges after receiving a sufficient number of points. BGL tokens are used to reward users and to pay transaction fees for activities in the Buglab ecosystem.


Documentation

Documentation Score: 2.8
Comprehensiveness

Does it cover the full scope of the problem and solution?

3.0
N/A
3 - Minimally sufficient information provided.
Readability

How easy is it to read and understand the documentation, comprehend the project's goals and trajectory.

4.0
N/A
4 - Relatively easy to read and understand, even if complex.
Transparency

Level of disclosure of pertinent information regarding the company and the project, including current stages of development, issues that have been identified and how to address them, potential problems, access to resources and repositories (github repository, patent applications). Honesty with regard to what the project can (vs. wishes to) achieve.

3.0
N/A
3 - Basically honest, but hyped up or potentially misleading.
Presentation of Business Plan and Token Model

What stages are to be achieved, how are they to be carried out and according to what timeline, what is the long-term plan. How well thought-out is the token model and how well does it fit into the company's overall business model.

3.0
N/A
3 - More information required. Discussion is based on unverified assumptions, business and token models are not fully laid out, or some key issues remain unaddressed.
Presentation of Platform Technology and Use of Blockchain

What are the platform's core and additional features, how are they to be implemented and according to what timeline, what is the long-term plan. How well thought-out is the use of blockchain technology and how integral is it to the platform.

1.0
N/A
1 - Severely lacking; little or no technical discussion.
Legal Review and Risk Assessment

How professional are the disclaimers, risk assessments, terms and conditions, etc. Is the company working with respectable law/accounting firms? What about due diligence and smart contract auditing? Is a SAFT structure being used (and is the SAFT accessible)?

3.0
N/A
3 - Semi-professional (e.g., includes standard disclaimer, terms and conditions, and risk factors).

Documentation

Comprehensiveness: A brief assessment of the cybersecurity market is presented and brief discussions of particular security breaches (including blockchain projects) are included in the whitepaper. The drawbacks of common cybersecurity strategies are outlined (one of which is bug bounty programs). Bug bounty challenges are criticized since “companies often end up getting charged to fix issues not entirely consequential to their revenue or customers”. The problem statement is discussed with low levels of detail. The solution description is outlined and discusses the platform and ecosystem on a logistical level. Technical content is lacking. Business-related aspects and token economics are briefly discussed but lack clarity. The company GitHub page is presented and contains a repository for the token sale contracts. Legal content can be found towards the end of the whitepaper.

Readability: The document is easy to read. Sections of the whitepaper that address token economics could be presented in a manner that would improve clarity.

Transparency: There is a lack of technical content. The current stage of development is not discussed in detail. Potential issues are not addressed and competitor evaluation is weak. However, the document does not seem deliberately obfuscated.

Presentation of Business Plan and Token Model: Revenue streams are outlined in the whitepaper with references to the corresponding fee structure. Fiscal projections and competition analysis are not thorough. Market strategies, growth channels, and comprehensive competitor evaluations are not included in the documentation. The token economics lack clarity.

Presentation of Platform Technology and Use of Blockchain: There is little technical content provided in the whitepaper. Most of the discussion of the platform is about how the platform will operate on a logistical level.

Legal Review and Risk Assessment: Legal content can be found towards the end of the whitepaper which spans approximately 3 pages and is professionally written.

 


Product

Product Score: 1.7
Differentiation

What are the product's unique features / attributes / advantages? How is it different from other, similar products or projects? What makes it stand out or gives it an edge?

2.0
N/A
2 - Minimal or contrived, unconvincing.
Readiness

Readiness of the full platform, including blockchain/smart-contract/token infrastructure; based on what's publicly available (not just claims).

1.0
N/A
1 - Nothing yet, just an idea, for the product as a whole.
Concreteness of Development Plans

How detailed is the roadmap? How well defined is the timeframe? How concrete and detailed are the milestones and how well are they correlated with the business and technology development plans, as well as with funding goals (i.e., fundraising dependent)?

2.0
N/A
2 - Vague and noncommittal, few milestones with few details provided.
Current Position within Roadmap

How far along is the project as a whole relative to the plans and roadmap (including growth, not just platform development)?

2.0
N/A
2 - Critical obstacles ahead.
Feasibility

Are the project's development plans reasonable? Does the long term vision align with core objectives and current development efforts? Does the timeframe make sense?

2.0
N/A
2 - Very ambitious.
Blockchain Innovation

What is the level of innovation and development particularly with regard to blockchain technology and its utilization? Do the project's blockchain-related developments have value beyond the company's particular platform or network?

1.0
N/A
1 - None; simple, basic Ethereum based token (ERC20 with minimal smart contract functionality).

Product

Differentiation: It is stated that the current issues with bounty programs are due to the costs and the sub-par results. The platform will utilize a scoring system which will incentivize pentesters (penetration testers) to increase their score by uncovering a high number of significant vulnerabilities.
The platform lists the following features for the Buglab solution:

– Public Contest
– Private Contest
– Selection Filters
– Reports (performance summary)
– Mediation (customer service)
– Triage System (duplicate identification)
– Client-Managed (three levels of contest management: basic, pro, enterprise)
– Leaderboard
– Chat
– Fix Companion (enterprise: bug fix verification)

Notable differentiating features of the platform are fairly weak. The scoring system is not specifically outlined and other major features of the platform are primarily discussed in broad terms.

Readiness: Most developments thus far have been business-oriented. It is unclear whether the organization has made any notable progress in terms of technical development.

Concreteness of Development Plans: The development roadmap is presented as follows:

March 2016
– Development begins
February 2017
– French Tech Ticket acceptance and team relocation
June 2017
– IBM Global Entrepreneur program acceptance
November 2017
– Partnership with CERTs & CSIRTs begins
Q2 2018
– Public pre-sale opens
Q3 2018
– Public sale opens
– Blockchain migration begins
– Public Beta Release
Q4 2018
– Launch of contest and vigilante protocol

Most milestones pertain to business-related developments. There is a lack of technology-focused milestones.

Current Position within Roadmap: Thus far the organization has conceptualized the platform and has begun the process of gaining interest in the project. However, critical developments have yet to be achieved by the organization. The core components of the platform have yet to be developed.

Feasibility: Based on the roadmap, the feasibility of the organization achieving the major milestones (public beta release, launch of contest and vigilante protocol) is uncertain due to the lack of intermediary milestones included in the roadmap. The company GitHub page shows little content and suggests that the organization has not made significant progress from a technological perspective. As such, the specified deadlines for the last few milestones seem quite ambitious.

Blockchain Innovation: The platform does not provide innovation from a blockchain technology perspective.

 


Market

Market Score: 2.3
Target User Base

How big is the project's target user base, how large is its potential market?

3.0
N/A
3 - Has growth potential.
Market Penetration Potential

How easy or difficult will it be to penetrate this market sector on the scale proposed by the project? How dominant is the hold of current market leaders, and are they maintaining a competitive edge? For reviewers (not for tooltip): This should be generally with regard to both traditional and emerging blockchain solutions (assuming that in most sectors, there are no leading blockchain solutions as of yet, but there may start to be). Also, token regulatory issues that apply equally to all should not be stressed here, unless the project has an extra regulatory issue, or (in the other direction) if the regulatory measures taken help it considerably with market penetration...

2.0
N/A
2 - Somewhat difficult or unlikely.
Direct Competition

How many direct competitors does the project have (that are already known or can be easily found with a simple search), and how much further along are they? This should focus on blockchain-related competition but can include established or notable traditional (non-blockchain) competitors with a strong hold.

3.0
N/A
3 - Some normal competition (e.g., 5-7, similarly positioned). Blockchain solutions already evidently present in the sector.
Solution Advantage

How strong is the project's unique selling proposition (i.e., its stated advantage over similar or comparable ones)?

2.0
N/A
2 - Unexceptional / weak.
Blockchain Disruption

How strong is the potential for disruption of the market sector due to the introduction of blockchain technology, as it is utilized by the solution?

2.0
N/A
2 - Unexceptional / weak.
Long-Term Vision

What are the long term goals and plans of the project? (In terms of concrete plans, not just hype or vague assertions.)

2.0
N/A
2 - Monetization and network growth, increasing engagement. Project with somewhat limited scope or questionable viability.

Market

Target User Base: The platform is targeted towards enterprise clients that require information security services and those that are interested in providing those services while receiving recognition and compensation.

Market Penetration Potential: The potential for market penetration by using cryptocurrency to essentially crowdsource cybersecurity services is moderate. However, there are a number of competitors in this sector that are much further along. The platform does not provide many notable features that would indicate that the project will effectively distinguish itself from the competition.

Direct Competition: There are a number of bug bounty programs that utilize blockchain technology (primarily for the creation and distribution of tokens). Only two potential competitors were briefly discussed in the whitepaper: HackerOne and Bugcrowd. Other potential competitors include:

– PolySwarm
– LevelNet
– Hackenproof
– Hacken
– Bountie

Solution Advantage: Competitive advantages of the platform are outlined in the whitepaper as follows:

– First to market (for pay-per-vulnerability payment model)
– Verified researchers (hand-picked accredited global researchers)
– Time-limited (time-limited contests)
– Money-back guarantee (retrieve the paid contest fees if no bugs are found)
– Identity protection
– Bug fix assurance (mediation)

Most of the advantages seem contrived and overall the advantages of the platform are fairly weak, especially considering the lack of detail provided in the whitepaper with regard to these aspects of the platform.

Blockchain Disruption: The advantages of using blockchain technology with respect to pentesting are outlined specifically in the whitepaper. All of the aspects are outlined in vague terms and are not effectively presented in context with the scope of the project. For example, it is stated that the immutability of smart contracts will allow pentesters to “discover and communicate vulnerabilities quickly”.

Long-Term Vision: The long-term vision of the organization is not clear. This is evident with the lack of thorough discussion regarding potential competitors and the lack of detail provided in the roadmap.

 


Company and Team

Company and Team Score: 2.2
Company Stage and Foundation

When was the company founded, how mature is it? Has it raised significant funds? Where relevant, this should address the parent company. For reviewers (not for tooltip): Check company LinkedIn and Crunchbase profiles. Impression summary should list basic information such as founding date, location/s, previous fundraising rounds (via crunchbase), maybe number of employees (via linkedin).

3.0
N/A
3 - Company structure in place.
Team Assembly and Commitment

What is the structure of the team (core members, advisers, contributors)? Are all necessary positions filled or is the company still looking for key team participants? Are the team members fully committed to the project (or involved with other projects simultaneously)?

2.0
N/A
2 - Lacking in key areas.
Background of Lead/Core Team Members

Are LinkedIn (or Github, or other professional) profile links provided, and do they show involvement in the project and relevant previous experience? For reviewers (not for tooltip): If the team is quite large, C-level and certain key team members (such as lead tech/blockchain developers) should be looked at, while other than that, a sample is fine (but this should be mentioned or reflected in the language ["It appears as though..."]).

3.0
N/A
3 - Minimally sufficient.
Relevance of Team's Previous Experience and Skill Set

How relevant are the team members' backgrounds and experience to the project and its requirements? Do they come from related industries and have in-depth knowledge of their respective fields?

2.0
N/A
2 - Lacking or inconsistent.
Team Skill Set Balance (biz / tech / blockchain)

Do the team members' backgrounds and experience appear to collectively cover the project requirements? This includes but is not limited to blockchain expertise.

2.0
N/A
2 - Somewhat skewed.
Strategic Partnerships

What kind of launch partners and early adopters does the project have?

1.0
N/A
1 - None really.

Company and Team

Company Stage and Foundation: According to the organization’s LinkedIn page, the privately-held company was founded in 2016 and is based in Cesson-Sevigne, Rennes. It is unclear whether the organization has received significant levels of investment funding.

Team Assembly and Commitment: The core team of 7 individuals and 1 advisor are presented in the whitepaper and the company website. The team structure is presented as follows:

Reda Cherqaoui | Founder, CEO
Alexander Belokon | Backend developer
Youness Aamiri | Blockchain Developer
Azdine Bouhou | Software Architect
Konstantin Bditskikh | Frontend Developer
Amine Bioudi | Full Stack Developer
Dalal Cherqaoui | Marketing and Communications Manager

Herve Schauer | Advisor

When analyzing the LinkedIn profiles, it was found that all core team members show involvement with the project. A few key individuals are concurrently involved with other projects (the CEO and the Software Architect). Most team members have a technical position with.

Background of Lead/Core Team Members: Links to LinkedIn profiles are not provided. Short bio descriptions are included on the company website and the whitepaper. GitHub links are not provided for those with a technical background. With the exception of a few team members, the level of information regarding current and prior work experience is limited.

Relevance of Team’s Previous Experience and Skill Set: Most team members (5 of 7) show that their most recent work experience entails freelance work, internships, or in one case, no information regarding past work experience at all. The individual with the most relevant work experience is the CEO, who was the CEO of Achilles Security, a computer and network security company focused on anti-hacking services. There is a lack of individuals with blockchain development expertise.

Team Skill Set Balance (biz / tech / blockchain): Based on the team structure outlined on the company website and the whitepaper, the skill set of the team is aligned more closely to technology development. Only one individual is responsible for business relations and marketing. As a result, the skill set of the team is skewed.

Strategic Partnerships: The following organizations are listed as partners on the company website:
– La French Tech
– French Tech Ticket
– Bpifrance
– IMT Atlantique
– ISOLAS

However, the level of involvement with these organizations is unclear: it is uncertain whether some (or all) of these “partners” will have significant impact with regards to the success of the project. These partners are not discussed in the documentation. As a result, notable partnerships/launch partners are not evident.

 


Token Economics

Token Economics Score: 1.7
Value Proposition of Token

How much of a need is there for the token? What is the token's utility value, and what is its value as a security?

2.0
N/A
2 - Token issued primarily for fundraising purposes or network effect. Inherent value is minimal or contrived.
Token Economy

How well defined and sustainable is the token economy? This should include circulation, fees, earn/spend mechanisms, inflation/deflation mechanisms, etc.

2.0
N/A
2 - Loosely defined, uncertain or faulty, raises cause for concern.
System Decentralization (besides token)

How decentralized is the solution other than the token (e.g., data collection, storage, access, and use, or decision making processes, etc.)? The purpose here is not to penalize use of centralized components per se, but to assess how decentralization is incorporated.

1.0
N/A
1 - Essentially centralized without due consideration of the broader issue.
Fundraising Goals (Min/Max Raise Amounts)

How sensible are the project's min/max raise amounts or soft/hard caps? (Related to Use of Proceeds but broader).

1.0
N/A
1 - Very greedy or nonsensical.
Use of Proceeds (Fund Allocation)

How well-defined and sensible is the planned use of proceeds / fund allocation?

1.0
N/A
1 - Not clear how funds will be used.
Token Allocation

How well-defined and reasonable is the token allocation (including vesting, what's done with unsold tokens, etc.)?

3.0
N/A
3 - Sufficient company/community interest balance.

Token Economics

Value Proposition of Token: It is stated that “the Buglab Token (BGL) is being introduced to incentivize penetration testing in the blockchain environment”. The justification for creating the token is outlined in the whitepaper as follows:

– To reward contest winners, up to the top three in rankings, or as customized by the client.
– To cover the cost of a contest, including transaction costs.
– To enable and tokenize “tipping” functionality for white hats.
– To fund both the VPR and BTR.
– To reward CERTs and CSIRTs for triaging of vulnerabilities and help build new partnerships.

BGL tokens are used as a means of exchange and to pay transaction fees on the platform (for example, submitting a contest). It seems as though the development of the token is primarily for funding purposes. The inherent value of the token is uncertain.

Token Economy: Total token supply: 425,000,000 BGL

It is stated that the Buglab VPR (Vigilante Protocol Reserve) will be continually funded via the following revenue streams:

– 10%: Contest cost
– 10%: Custom pentester reward
– 10%: Custom whitehat reward

The Buglab Transaction Reserve is funded after the token sale as follows:

– 1%: Customer cost of each contest
– 1%: Contest rewards
– 1%: All rewards from the VPR

The fee structure is specifically outlined but the use of funds from each reserve is discussed in much lower levels of detail. The need to use a transaction reserve as opposed to including transaction fees within the cost of the services is unclear. Furthermore, if there is a surplus or deficit in the reserve, it is unclear how the platform will function if transaction fees are supposedly supported solely through the reserve. The VPR is also stated to be used for transaction fees, which is strange.

System Decentralization (besides token): System governance is not specifically outlined. Some modules of the platform (Mediation) require the approval of the organization. The level of influence that the community/token holders possess is unclear. Technical details are not discussed in specific terms, thus decentralization on a technical level is also uncertain. It is specifically mentioned that security researchers will be “hand-selected”.

Fundraising Goals (Min/Max Raise Amounts): Hard cap: $20MM USD

The justification for the hard cap is not outlined and does not seem to relate to development plans (which are discussed in fairly vague terms).

Use of Proceeds (Fund Allocation): The use of proceeds of the token sale is described as follows:

– 45%: Development and staffing
– 22%: Marketing
– 16%: Business development
– 12%: R&D
– 5%: Legal and accounting

The use of funds obtained from the VPR and the Buglab Transaction Reserve is not outlined in detail.

Token Allocation: The token allocation is presented as follows:

– 40%: General token sale
– 20%: Vigilante Protocol reserve
– 10%: Team
– 10%: Future product development
– 10%: Marketing
– 7%: Advisors
– 2%: Community campaign
– 1%: Buglab transaction reserve

Vesting periods are not clearly outlined and it is uncertain whether unsold tokens will be burned.

Documentation

Comprehensiveness: A brief assessment on the cybersecurity market is presented and brief discussions on particular security breaches (including blockchain projects) are included in the whitepaper. The drawbacks of common strategies against cybersecurity are outlined (one of which are bug bounty programs). Bug bounty challenges are criticized since “companies often end up getting charged to fix issues not entirely consequential to their revenue or customers”. The problem statement is discussed with low levels of detail. The solution description is outlined and discusses the platform and ecosystem on a logistical level. Technical content is lacking. Business-related aspects and token economics is briefly discussed but lacks clarity. The company GitHub page is presented and contains a repository for the token sale contracts. Legal content cant be found towards the end of the whitepaper.

Readability: The document is easy to read. Sections of the whitepaper that address token economics could be presented in a manner that would improve clarity.

Transparency: There is a lack of technical content. The current stage of development is not discussed in detail. Potential issues are not addressed and competitor evaluation is weak. However, the document does not seem deliberately obfuscated.

Presentation of Business Plan and Token Model: Revenue streams are outlined in the whitepaper with references to the corresponding fee structure. Fiscal projections and competition analysis is not through. Market strategies, growth channels, comprehensive competitor evaluations are not included in the documentation. The token economics lacks clarity.

Presentation of Platform Technology and Use of Blockchain: There is little technical content provided in the whitepaper. Most of the discussion of the platform is about how the platform will operate on a logistical level.

Legal Review and Risk Assessment: Legal content can be found towards the end of the whitepaper which spans approximately 3 pages and is professionally written.

 

Category Breakdown
Comprehensiveness

Does it cover the full scope of the problem and solution?

3.0
N/A
3 - Minimally sufficient information provided.
Readability

How easy is it to read and understand the documentation, comprehend the project's goals and trajectory.

4.0
N/A
4 - Relatively easy to read and understand, even if complex.
Transparency

Level of disclosure of pertinent information regarding the company and the project, including current stages of development, issues that have been identified and how to address them, potential problems, access to resources and repositories (github repository, patent applications). Honesty with regard to what the project can (vs. wishes to) achieve.

3.0
N/A
3 - Basically honest, but hyped up or potentially misleading.
Presentation of Business Plan and Token Model

What stages are to be achieved, how are they to be carried out and according to what timeline, what is the long-term plan. How well thought-out is the token model and how well does it fit into the company's overall business model.

3.0
N/A
3 - More information required. Discussion is based on unverified assumptions, business and token models are are not fully laid out, or some key issues remain unaddressed.
Presentation of Platform Technology and Use of Blockchain

What are the platform's core and additional features, how are they to be implemented and according to what timeline, what is the long-term plan. How well thought-out is the use of blockchain technology and how integral is it to the platform.

1.0
N/A
1 - Severely lacking; little or no technical discussion.
Legal Review and Risk Assessment

How professional are the disclaimers, risk assessments, terms and conditions, etc. Is the company working with respectable law/accounting firms? What about due diligence and smart contract auditing? Is a SAFT structure being used (and is the SAFT accessible)?

3.0
N/A
3 - Semi-professional (e.g., includes standard disclaimer, terms and conditions, and risk factors).
Documentation Score:
2.8

Product

Differentiation: It is stated that the current issues with bounty programs today are due to the costs and the sub-par results.The platform will utilize a scoring system which will incentivize pentesters (penetration testers) to increase their score by uncovering a high number of significant vulnerabilities.
The platform lists the following features for the Buglab solution:

– Public Contest
– Private Contest
– Selection Filters
– Reports (performance summary)
– Mediation (customer service)
– Triage System (duplicate identification)
– Client-Managed (three levels of contest management: basic, pro, enterprise)
– Leaderboard
– Chat
– Fix Companion (enterprise: bug fix verification)

Notable differentiating features of the platform are fairly weak. The scoring system is not specifically outlined and other major features of the platform are primarily discussed in broad terms.

Readiness: Most developments thus far have been business-oriented. It is unclear whether the organization has made any notable progress in terms of technical development.

Concreteness of Development Plans: The development roadmap is presented as follows:

March 2016
– Development begins
February 2017
– French Tech Ticket acceptance and team relocation
June 2017
– IBM Global Entrepreneur program acceptance
November 2017
– Partnership with CERTs & CSIRTs begins
Q2 2018
– Public pre-sale opens
Q3 2018
– Public sale opens
– Blockchain migration begins
– Public Beta Release
Q4 2018
– Launch of contest and vigilante protocol

Most milestones pertain to business-related developments. There is a lack of technology-focused milestones.

Current Position within Roadmap: Thus far the organization has conceptualized the platform and have begun the process of gaining interest towards the project. However, critical developments have yet to be achieved by the organization. The core components of the platform have yet to be developed.

Feasiblity: Based on the roadmap, the feasibility of the organization achieving the major milestones (public beta release, launch of contest and vigilante protocol) is uncertain due to the lack of intermediary milestones included in the roadmap. The company GitHub page shows little content and suggests that the organization has not made significant progress from a technological perspective. As such, the specified deadline for the last few milestones seem quite ambitious.

Blockchain Innovation: The platform does not provide innovation from a blockchain technology perspective.

 

Category Breakdown
Differentiation

What are the product's unique features / attributes / advantages? How is it different from other, similar products or projects? What makes it stand out or gives it an edge?

2.0
N/A
2 - Minimal or contrived, unconvincing.
Readiness

Readiness of the full platform, including blockchain/smart-contract/token infrastructure; based on what's publicly available (not just claims).

1.0
N/A
1 - Nothing yet, just an idea, for the product as a whole.
Concreteness of Development Plans

How detailed is the roadmap? How well defined is the timeframe? How concrete and detailed are the milestones and how well are they correlated with the business and technology development plans, as well as with funding goals (i.e., fundraising dependent)?

2.0
N/A
2 - Vague and noncommittal, few milestones with few details provided.
Current Position within Roadmap

How far along is the project as a whole relative to the plans and roadmap (including growth, not just platform development)?

2.0
N/A
2 - Critical obstacles ahead.
Feasiblity

Are the project's development plans reasonable? Does the long term vision align with core objectives and current development efforts? Does the timeframe make sense?

2.0
N/A
2 - Very ambitious.
Blockchain Innovation

What is the level of innovation and development particularly with regard to blockchain technology and its utilization? Do the project's blockchain-related developments have value beyond the company's particular platform or network?

1.0
N/A
1 - None; simple, basic Ethereum based token (ERC20 with minimal smart contract functionality).
Product Score:
1.7

Market

Target User Base: The platform is targeted towards enterprise clients that require information security services and those that are interesting in providing those services while receiving recognition and compensation.

Market Penetration Potential: The potential for market penetration by using cryptocurrency to essentially crowdsource cybersecurity services is moderate. However, there are a number of competitors in this sector that are much further along. The platform does not provide many notable features that would indicate the the project will effectively distinguish itself from the competition.

Direct Competition: There are a number of bug bounty programs that utilize blockchain technology (primarily for the creation and distribution of tokens). Only two potential competitors were briefly discussed in the whitepaper: HackerOne and Bugcrowd. Other potential competitors include:

– PolySwarm
– LevelNet
– Hackenproof
– Hacken
– Bountie

Solution Advantage: Competitive advantages of the platform are outlined in the whitepaper as follows:

– First to market (for pay-per-vulnerability payment model)
– Verified researchers (hand-picked accredited global researchers)
– Time-limited (time-limited contests)
– Money-back guarantee (retrieve the paid contest fees if no bugs are found)
– Identity protection
– Bug fix assurance (mediation)

Most of the advantages seem contrived and overall the advantages of the platform are fairly weak, especially considering the lack of detail provided in the whitepaper with regard to these aspects of the platform.

Blockchain Disruption: The advantages of using blockchain technology with respect to pentesting are outlined specifically in the whitepaper. All of the aspects are outlined in vague terms and are not effectively presented in context with the scope of the project. For example, it is stated that the immutability of smart contracts will allow pentesters to “discover and communicate vulnerabilities quickly”.

Long-Term Vision: The long-term vision of the organization is not clear. This is evident with the lack of thorough discussion regarding potential competitors and the lack of detail provided in the roadmap.

 

Category Breakdown
Target User Base

How big is the project's target user base, how large is its potential market?

3.0
N/A
3 - Has growth potential.
Market Penetration Potential

How easy or difficult will it be to penetrate this market sector on the scale proposed by the project? How dominant is the hold of current market leaders, and are they maintaining a competitive edge? For reviewers (not for tooltip): This should be generally with regard to both traditional and emerging blockchain solutions (assuming that in most sectors, there are no leading blockchain solutions as of yet, but there may start to be). Also, token regulatory issues that apply equally to all should not be stressed here, unless the project has an extra regulatory issue, or (in the other direction) if the regulatory measures taken help it considerably with market penetration...

2.0
N/A
2 - Somewhat difficult or unlikely.
Direct Competition

How many direct competitors does the project have (that are already known or can be easily found with a simple search), and how much further along are they? This should focus on blockchain-related competition but can include established or notable traditional (non-blockchain) competitors with a strong hold.

3.0
N/A
3 - Some normal competition (e.g., 5-7, similarly positioned). Blockchain solutions already evidently present in the sector.
Solution Advantage

How strong is the project's unique selling proposition (i.e., its stated advantage over similar or comparable ones)?

2.0
N/A
2 - Unexceptional / weak.
Blockchain Disruption

How strong is the potential for disruption of the market sector due to the introduction of blockchain technology, as it is utilized by the solution?

2.0
N/A
2 - Unexceptional / weak.
Long-Term Vision

What are the long term goals and plans of the project? (In terms of concrete plans, not just hype or vague assertions.)

2.0
N/A
2 - Monetization and network growth, increasing engagement. Project with somewhat limited scope or questionable viability.
Market Score:
2.3

Company and Team

Company Stage and Foundation: According to the organization’s LinkedIn page, the privately-held company was founded in 2016 and is based in Cesson-Sevigne, Rennes. It is unclear whether the organization has received significant levels of investment funding.

Team Assembly and Commitment: The core team of 7 individuals and 1 advisor are presented in the whitepaper and the company website. The team structure is presented as follows:

Reda Cherqaoui | Founder, CEO
Alexander Belokon | Backend developer
Youness Aamiri | Blockchain Developer
Azdine Bouhou | Software Architect
Konstantin Bditskikh | Frontend Developer
Amine Bioudi | Full Stack Developer
Dalal Cherqaoui | Marketing and Communications Manager

Herve Schauer | Advisor

When analyzing the LinkedIn profiles, it was found that all core team members show involvement with the project. A few key individuals are concurrently involved with other projects (the CEO and the Software Architect). Most team members have a technical position with.

Background of Lead/Core Team Members: Links to LinkedIn profiles are not provided. Short bio descriptions are included on the company website and the whitepaper. GitHub links are not provided for those with a technical background. With the exception of a few team members, the level of information regarding current and prior work experience is limited.

Relevance of Team’s Previous Experience and Skill Set: Most team members (5 of 7) show that their most recent previous work experience entails freelance work, internships, or in one case, no information regarding past work experience at all. The individual with the most relevant work experience is the CEO, who was the CEO of Achilles Security, a computer and network security company focused on anti-hacking services. There is a lack of individuals with blockchain development expertise.

Team Skill Set Balance (biz / tech / blockchain): Based on the team structure outlined on the company website and the whitepaper, the skill set of the team is aligned more closely to technology development. Only one individual is responsible for business relations and marketing. As a result, the skill set of the team is skewed.

Strategic Partnerships: The following organizations are listed as partners on the company website:
– La French Tech
– French tech Ticket
– Bpifrance
– IMT Atlantique
– ISOLAS

However, the level of involvement with these organizations is unclear: it is uncertain whether some (or all) of these “partners” will have significant impact with regards to the success of the project. These partners are not discussed in the documentation. As a result, notable partnerships/launch partners are not evident.

 

Category Breakdown
Company Stage and Foundation

When was the company founded, how mature is it? Has it raised significant funds? Where relevant, this should address the parent company. For reviewers (not for tooltip): Check company LinkedIn and Crunchbase profiles. Impression summary should list basic information such as founding date, location/s, previous fundraising rounds (via crunchbase), maybe number of employees (via linkedin).

3.0
N/A
3 - Company structure in place.
Team Assembly and Commitment

What is the structure of the team (core members, advisers, contributors)? Are all necessary positions filled or is the company still looking for key team participants? Are the team members fully committed to the project (or involved with other projects simultaneously)?

2.0
N/A
2 - Lacking in key areas.
Background of Lead/Core Team Members

Are LinkedIn (or Github, or other professional) profile links provided, and do they show involvement in the project and relevant previous experience? For reviewers (not for tooltip): If the team is quite large, C-level and certain key team members (such as lead tech/blockchain developers) should be looked at, while other than that, a sample is fine (but this should be mentioned or reflected in the language ["It appears as though..."]).

3.0
N/A
3 - Minimally sufficient.
Relevance of Team's Previous Experience and Skill Set

How relevant are the team members' backgrounds and experience to the project and its requirements? Do they come from related industries and have in-depth knowledge of their respective fields?

2.0
N/A
2 - Lacking or inconsistent.
Team Skill Set Balance (biz / tech / blockchain)

Do the team members' backgrounds and experience appear to collectively cover the project requirements? This includes but is not limited to blockchain expertise.

2.0
N/A
2 - Somewhat skewed.
Strategic Partnerships

What kind of launch partners and early adopters does the project have?

1.0
N/A
1 - None really.
Company and Team Score:
2.2

Token Economics

Value Proposition of Token: It is stated that “the Buglab Token (BGL) is being introduced to incentivize penetration testing in the blockchain environment”. The justification for creating the token is outlined in the whitepaper as follows:

– To reward contest winners, up to the top three in rankings, or as customized by the client.
– To cover the cost of a contest, including transaction costs.
– To enable and tokenize “tipping” functionality for white hats.
– To fund both the VPR and BTR.
– To reward CERTs and CSIRTs for triaging of vulnerabilities and help build new partnerships.

BGL tokens are used as a means of exchange and to pay transaction fees on the platform (for example, submitting a contest). It seems as though the development of the token is primarily for funding purposes. The inherent value of the token is uncertain.

Token Economy: Total token supply: 425,000,000 BGL

It is stated that the Buglab VPR (Vigilante Protocol Reserve) will be continually funded via the following revenue streams:

10% – Contest cost
10% – Custom pentester reward
10% – Custom whitehat reward

The Buglab Transaction Reserve is funded after the token sale as follows:

1% – Customer cost of each contest
1% – Contest rewards
1% – All rewards from the VPR

The fee structure is specifically outlined but the use of funds from each reserve is discussed in much lower levels of detail. The need to use a transaction reserve as opposed to including transaction fees within the cost of the services is unclear. Furthermore, if there is a surplus or deficit in the reserve, it is unclear how the platform will function if transaction fees are supposedly supported solely through the reserve. The VPR is also stated to be used for transaction fees, which is strange.

System Decentralization (besides token): System governance is not specifically outlined. Some modules of the platform (Mediation) require the approval of the organization. The level of influence that the community/token holders possess is unclear. Technical details are not discussed in specific terms, thus decentralization on a technical level is also uncertain. It is specifically mentioned that security researchers will be “hand-selected”.

Fundraising Goals (Min/Max Raise Amounts): Hard cap: $20MM USD

The justification for the hard cap is not outlined and does not seem to relate to development plans (which are discussed in fairly vague terms).

Use of Proceeds (Fund Allocation): The use of proceeds of the token sale is described as follows:

45% – Development and staffing
22% – Marketing
16% – Business development
12% – R&D
5% – Legal and accounting

The use of funds obtained from the VPR and the Buglab Transaction Reserve is not outlined in detail.

Token Allocation: The token allocation is presented as follows:

40% – General token sale
20% – Vigilante Protocol reserve
10% – Team
10% – Future product development
10% – Marketing
7% – Advisors
2% – Community campaign
1% – Buglab transaction reserve

Vesting periods are not clearly outlined and it is uncertain whether unsold tokens will be burned.

Category Breakdown
Value Proposition of Token

How much of a need is there for the token? What is the token's utility value, and what is its value as a security?

2.0
N/A
2 - Token issued primarily for fundraising purposes or network effect. Inherent value is minimal or contrived.
Token Economy

How well defined and sustainable is the token economy? This should include circulation, fees, earn/spend mechanisms, inflation/deflation mechanisms, etc.

2.0
N/A
2 - Loosely defined, uncertain or faulty, raises cause for concern.
System Decentralization (besides token)

How decentralized is the solution other than the token (e.g., data collection, storage, access, and use, or decision making processes, etc.)? The purpose here is not to penalize use of centralized components per se, but to assess how decentralization is incorporated.

1.0
N/A
1 - Essentially centralized without due consideration of the broader issue.
Fundraising Goals (Min/Max Raise Amounts)

How sensible are the project's min/max raise amounts or soft/hard caps? (Related to Use of Proceeds but broader).

1.0
N/A
1 - Very greedy or nonsensical.
Use of Proceeds (Fund Allocation)

How well-defined and sensible is the planned use of proceeds / fund allocation?

1.0
N/A
1 - Not clear how funds will be used.
Token Allocation

How well-defined and reasonable is the token allocation (including vesting, what's done with unsold tokens, etc.)?

3.0
N/A
3 - Sufficient company/community interest balance.
Token Economics Score:
1.7
