In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on their severity, expect six-figure sums to sell their discovery to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”
Read more: HackerOne Connects Hackers With Companies, and Hopes for a Win-Win
The Latest on: Hacking
[google_news title=”” keyword=”Hacking” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Hacking
- Four UK editors named in Prince Harry's phone-hacking lawsuit against Daily Mailon May 8, 2024 at 10:06 pm
Four current British newspaper editors and a string of other senior press figures have been named in a privacy lawsuit brought by Prince Harry and other public figures against the publisher of the Daily Mail and the Mail on Sunday.
- Maharashtra Army Man Demands Rs 2.5 Cr from Uddhav's Leader for 'Hacking EVMs'on May 7, 2024 at 8:46 pm
He reportedly tried to lure Ambadas Danve for ‘hacking’ Electronic Voting Machines (EVMs) in Aurangabad being used for the Lok Sabha elections. According to a report in Indian Express, the man has been identified as Maruti Dhakne, an Army Havaldar and ...
via Bing News