Hackers Paid Big Money To Improve Cybersecurity

A new report shows that a growing number of hackers are being paid big bounties by companies, organisations, and even the US government to discover bugs and protect the platforms and products that consumers use every day.

The report was released by a San Francisco company called HackerOne which serves as a platform that links hackers with companies and organisations that hope to improve their cybersecurity.

The data came from a survey of some 1,700 people and focused on so-called "white hat" or ethical computer hackers who collect money, or bug bounties, to help protect companies instead of exploiting their vulnerabilities.

The survey shows those bounties are increasing in number and size.

"The business has grown dramatically in the past year. The government is now a pioneer in this, which is positive...and the top bounties have increased a lot," said Marten Mickos, CEO of HackerOne, who added that the top bounty claimed is $100,000 but some clients offer up to $250,000 for discoveries of critical vulnerabilities.

HackerOne says a wide range of companies across different sectors are now using hackers, including companies such as Starbucks, Google, General Motors, Slack, Uber, Nintendo, Snapchat, Goldman Sachs, Toyota, and the US military.

"The US Air Force is highly secure but it took our hackers only 8 minutes to find the first vulnerability and in total we found something like 200 holes in their systems," said Mickos.

Joel Margolis, 20, is a junior in college and when he looks at his laptop screen, it's often not to play games or shop online. He's already become an accomplished hacker in a short time.

"I've been hacking for probably about 4-5 years," said Margolis, who adds he's already found bugs for major tech companies.

"Uber, Yahoo, Oath, AOL, all these companies. Huge companies. Facebook," Margolis said. "I found a bug on Google a couple months ago and like, anybody would expect that Google has the best security because everyone uses it. But just because it has a lot of use doesn't mean it has great security."

The report also looked at companies on the Forbes Global 2000 and found one common flaw. The report says 93% of those companies had no policy to receive, review, and resolve bug reports from outside their company.

Rebecca Jeschke, a spokeswoman and digital rights analyst with the Electronic Frontier Foundation, says companies sometimes turn a blind eye to bugs.

"Lots of companies like to think that if no one knows about the bug then no one will exploit it. But that's not true," said Jeschke.

HackerOne's CEO says even in the tech-savvy Bay Area, there is a need for improvement.

"We have a problem in the world and in the SF Bay area that cyber security and computer science have been seen as two separate practices. They need to be one," said Mickos. "We need to design cybersecurity into the code from the very beginning."

HackerOne says its platform alone draws some 200,000 hackers to pursue bug bounties, and it expects the number of these "white hat" hackers will only continue to grow.

Source: KTVU

