AWS BugBust Aims to Fix One Million Vulnerabilities Globally

Amazon Web Services (AWS) has launched an ambitious initiative to fix one million vulnerabilities and, as a result, reduce technical debt by over $100 million.

The cloud giant’s principal evangelist, Martin Beeby, said its new AWS BugBust would take the idea of a bug bash to a new level.

“AWS BugBust allows you to create and manage private events that will transform and gamify the process of finding and fixing bugs in your software. It includes automated code analysis, built-in leaderboards, custom challenges, and rewards,” he explained.

“AWS BugBust fosters team building and introduces some friendly competition into improving code quality and application performance. What’s more, your developers can take part in the world’s largest code challenge, win fantastic prizes, and receive kudos from their peers.”

The program will see participants use Amazon’s CodeGuru Reviewer and CodeGuru Profiler tools, which utilize automated reasoning and machine learning to find vulnerabilities in applications.

“A traditional bug bash requires developers to find and fix bugs manually,” continued Beeby. “With AWS BugBust, developers get a list of bugs before the event begins so they can spend the entire event focused on fixing them.”

Each time developers fix a vulnerability at a private event, they receive an allocation of points and be added to a global leader board — although only profile names and points will be visible here, not details of the vulnerabilities themselves.

Use of CodeGuru Reviewer and CodeGuru Profiler will be free for 30 days per AWS account. Developers will also be incentivized by various prizes handed out when they reach specific milestones.

An AWS BugBust varsity jacket is on offer for those reaching 2000 points, while the top 10 finalists on the leaderboard will get a free ticket to AWS re:Invent.

There were no more details on how AWS arrived at the $100 million figure, although technical debt is an ongoing challenge for the developer industry.

It stems from a focus on time-to-market at the expense of better written and more secure code at the outset. The result is that, while a project might be delivered quickly, it could be of poor quality and may need to be refactored in time. However, Amazon will have to pay back the debt eventually. 

A 2018 report claimed that fixing technical debt could be worth as much as $3 trillion globally over a decade.

What’s Hot on Infosecurity Magazine?