In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on their severity, expect six-figure sums for selling their discovery to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”