Ethical Hackers Gaining Huge Profits from Bug Bounty Programs

Ronnie Dove
4 min read · Nov 27, 2020

Ethical hackers have an additional path to building wealth during the COVID-19 epidemic. More and more companies are starting to embrace Bug Bounty programs, which let outside security researchers discover and report critical bugs and exploitable vulnerabilities so they can be resolved before the general public is aware of them. Bug bounty programs have been implemented by a large number of organizations, including Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft.

Companies outside the technology industry, including traditionally conservative organizations like the United States Department of Defense, have started using bug bounty programs. The Pentagon’s use of bug bounty programs is part of a posture shift that has seen several US Government Agencies reverse course from threatening white hat hackers with legal recourse to inviting them to participate as part of a comprehensive vulnerability disclosure framework or policy.

HackerOne Customers

As of May 26, 2020, HackerOne has paid out $100,000,000 in rewards to hackers for their fantastic work in finding security flaws in software. Customers have fixed the holes, preventing cyber criminals from breaking in. Tens of thousands of ethical hackers all over the world have come together to harden our digital connected society. The one hundred million dollars they have earned in recognition of their creative work has paid for food, clothing, homes, vehicles, tuition, travel and pursuit of dreams long held. Software is better for the hackers and hackers are better for the bounties.

https://www.hackerone.com/blog/hacker-spotlight-interview-dawgyg

Tommy Devoss, AKA Dawgyg, is an example of someone who has made the most of HackerOne. He started out his hacking career in the dark depths of EFNet (IRC), evolving into a bored kid with a dark side. He broke into secure government systems and was caught. He spent 4 years in prison, coming out with some reformed thoughts on hacking. Bug Bounty programs gave Tommy a second chance at life, offering him the ability to find exploits for companies that invited him to do so. He could also make a name for himself by applying his skills and gaining exposure through the HackerOne website.

As more things are connected to the internet, we will see more attacks on things in the real world. 25 years ago, when I started out, we used to joke about causing real world damage; it wasn’t feasible then but it is now. We are connecting everything from cars to thermostats and this increases the danger of real world harm from computers. We are going to need a lot more security since most companies building IoT devices are not thinking about security — you think ‘who wants to hack my fridge?’ but that isn’t the issue — cybercriminals want to use that fridge as a stepping stone to gain wider access into networks and do far more damage than neglecting to inform you when the milk is out.

I like to think the defenders will win this fight, simply because there are so many of us now. While the media gives plenty of coverage to cybercriminals, making it look like they’re ahead, far less attention is given to those of us who fix things before they ever become an issue. In most cases of high profile breaches, if the company in question had a good defender on board, ensuring vulnerabilities are found and fixed and systems are updated, they often would have escaped the hack.

Criminals will continue to proliferate until we take security more seriously — we need to teach developers how to code securely. If coding courses don’t teach you to code in a secure way, everyone who goes through them will make the same problems and continue with the same insecure coding practices.

~Tommy Devoss (Dawgyg)

Hacking is here for good, for the good of all of us. The positive power of a community of ethical hackers pools our defenses against data breaches, reduces cybercrime, protects privacy, and restores trust in our digital society. HackerOne Hackers are heroes. They hack for a better world. Hackers use their knowledge with permission to test for vulnerabilities and other security weaknesses and then offer details on how companies can continuously safeguard their systems.


Ronnie Dove

Ronnie Dove is a technology visionary who has worked on many high visibility Department of Defense Intelligence Community and Commercial projects.