In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on their severity, expect six-figure sums for selling their discovery to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”