A Closer Look inside Bug-Bounty Programs and Hackers

Many major companies use bug-bounty programs to learn about the vulnerabilities in their systems and deal with the issues. As the frequency of attacks rises at a stupendous rate, bug bounties have emerged as a really promising prospect for hackers.

Bug-bounty programs are nothing new. The first bug-bounty program was launched by Netscape in 1995. Since then, many major corporations have used such programs to let hackers find vulnerabilities in their systems. Hackers are invited to try to find bugs and vulnerabilities in the organization's security systems and networks and are offered rewards in the form of bounties.

The amount varies according to the seriousness of the bug reported by the hacker. Apple recently conducted a bug-bounty program where bounties up to $200,000 were offered to hackers. Facebook, on the other hand, has spent more than $4 million since 2011 in this field.

The rise in the number of attacks today is the reason why companies like these are initiating such programs. However, it has been revealed that 94% of companies in the Forbes 2000 list still don’t have a bug-bounty program. This presents a great opportunity for bug-bounty companies like HackerOne and Bugcrowd.

These companies serve as platforms where hackers can report the bugs they find in the systems of major corporations around the world. The companies then forward the reports to the corporation, and the hackers are given compensation for their efforts. In this way, hackers can get a lot of money by helping others deal with the problems in their systems.

Although most of the reports submitted to HackerOne are from the US, the company said that it had paid bounties to hackers in more than 100 countries. In a world where everything, from your kid’s toy to your vacuum cleaner, is connected to the internet and is unprotected, the targets are various, and hackers are exploiting the situation heavily.

Recent incidents show that nobody today is safe: last year hackers demonstrated that they could remotely shut down a Jeep Cherokee on a highway, and hotel operator HEI revealed that its customers' credit card information had been compromised by malware. This makes it easy for bug-bounty companies like HackerOne and Bugcrowd to thrive.

Besides major global corporations, government agencies are taking bug-bounty programs seriously as well. The Pentagon recently invited hackers to find vulnerabilities in the Department of Defense’s website.

Rewards ranging from $100 to $15,000 were given to many of the 1,400 hackers who had joined the program. Even Hillary Clinton has realized the importance of tending to this issue, with the presidential candidate saying that she would see to it that bug-bounty programs become more frequent to allow hackers to use their skills for good.