A bug bounty refers to the reward a bad-guy hacker gets upon discovering a vulnerability, weakness or flaw in a company’s system.
But who better to ask than a burglar, right? The same goes for a company’s computer systems: the best expert may be a black hat hacker or, better, a white hat hacker.
An article at bits.blogs.nytimes.com says that Facebook, Google, Microsoft, Dropbox, PayPal and Yahoo are on the roster of companies that are offering hackers bounties for finding “bugs” in their systems.
A “zero day bug” refers to an undiscovered flaw or security hole. Cybercriminals want to know what these zero day bugs are so they can exploit them in future attacks. There is a bustling black market for these undisclosed bugs.
Compounding the issue is that it is becoming easier for Joe Hacker to acquire the skills to infiltrate—skills that common hackers never would have had just a few years ago, and especially a decade ago. So you can see how important it is for businesses to hire the best at finding these bugs and rewarding them handsomely.
So yes, hackers are being paid to report bugs. The bits.blogs.nytimes.com article says that Facebook and Microsoft even sponsor an Internet Bug Bounty program. Such a program should have been started long ago, but it took some overlooked bugs to motivate these technology companies to offer the bounties.
Heartbleed is an example. Remember that? It was a programming code mistake that affected certain SSL certificates—which help protect users on a secure website. As a result, over a dozen major tech companies began an initiative to, as the bits.blogs.nytimes.com article says, “pay for security audits in widely used open-source software.”
So as clever as bug bounties sound, they shouldn’t be regarded as the be-all and end-all solution. How about an incentive to get developers to implement secure, mistake-free coding practices? Well, companies are trying. And they keep trying. But with humans behind the technology, there will always be mistakes.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.