Some of the world's largest companies—Yahoo! Inc., Twitter Inc. and General Motors Co., among others—participate in bug bounty programs. Companies in these programs pay rewards to “white hat” or “ethical” hackers for finding cybersecurity vulnerabilities in their networks.
Bloomberg BNA Privacy & Data Security News Senior Legal Editor Daniel R. Stoller posed a series of questions to Marten Mickos, chief executive officer of HackerOne Inc. and former senior vice president and general manager for Hewlett-Packard Co., on why companies should join bug bounty programs and whether hackers will help businesses shore up their cybersecurity.
Bloomberg BNA:
Do companies become part of the HackerOne bug bounty program platform by application or invitation?
Marten Mickos:
Companies come to HackerOne in most cases because they understand the benefits of working with hackers to improve software security so they contact us to sign up. HackerOne has created a global network of hackers and companies who work together to find and resolve software vulnerabilities.
Because of this community we also see customers arrive by invitation from either a hacker who has found a vulnerability and would like to report it using the HackerOne service, or they are invited by a customer or business partner of theirs. We also conduct outreach to invite others to join. Each new customer on HackerOne poses a unique challenge for our talented hackers and this helps us attract the best hackers and foster our community.
Bloomberg BNA:
Do you think allowing white hat or ethical hackers to exploit network vulnerabilities is the best way for companies to both detect and prevent future cyberattacks?
Mickos:
Inviting white hat or ethical hackers to hunt for bugs is a very powerful solution to a very common and complex problem. Every software system has vulnerabilities and every industry is struggling with security. Even if you’ve bought all the right products or followed all the best practices there are still no guarantees that your systems are secure. By inviting friendly hackers to look for vulnerabilities you will find out what you missed.
Most of our customers find a security vulnerability within 24 hours of launching on HackerOne. This is why organizations, including the U.S. Department of Defense, General Motors, Google Inc., Yahoo, Microsoft Corp. and Uber Technologies Inc., work with hackers as part of their security strategy.