In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on their severity, expect six-figure sums to sell their discovery to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”
Read more: HackerOne Connects Hackers With Companies, and Hopes for a Win-Win