What’s In A Bug Bounty?

Friday, 8/24/2018

Keep your friends close but your enemies closer.

In that vein, tech companies and cybersecurity professionals are teaming up with hackers through bug bounty programs. Simply put, a bug bounty is a reward that an organization pays to independent, ethical hackers (often called bounty hunters) for reporting vulnerabilities in its systems.

According to cybersecurity and bug bounty company HackerOne's 2017 Hacker-Powered Security Report, "Top companies are rewarding hackers up to $900,000 a year in bounties, and bounty rewards on average have increased 16 percent for critical issues since 2015." Big names like General Motors, Starbucks, Nintendo, and even the US Department of Defense have all relied upon hackers' expertise to improve their technology.

Financial services company Robinhood, for example, runs a bug bounty program in which hunters can earn up to $50,000 for a report (the lowest bounty offered is $100). Although the company has run the program for some time, the team updated it just today:

"In the past, we weren't always clear about the types of reports we were looking for, or how we'd reward researchers for filing those reports – so we're launching a new program with bounty ranges for specific types of vulnerabilities (or 'bugs'). We want to make Robinhood a tantalizing target for researchers and it's important that, as a researcher, you know your time won't be wasted finding potential bugs in our software."

This sentiment applies to blockchain projects as well. Blockchain-based platforms are just as susceptible to security vulnerabilities as traditional applications and web assets. In the race to ship a viable product, security issues are sometimes overlooked or inadvertently introduced into systems.

Block.one, the team behind the EOS network, for instance, recently rewarded Dutch hacker Guido Vranken with $120,000 as part of its bounty program for his discovery of several vulnerabilities within the network. The EOS crew took its appreciation for Vranken's work a step further by apparently offering him a position with the organization.

CEO of HackerOne, Mårten Mickos, argues for the importance of bug bounties. "Our goal must be an internet that enables privacy and protects consumers," said Mickos, according to reporting from eSecurity Planet. "This is not achievable without ethical hackers taking an active role in safeguarding our collective security."

From a much broader perspective, the incentives created by bug bounty programs align with much of the libertarian ethos surrounding blockchain technology. If individuals are compensated for their hard work and effort, then, according to this mindset, the best products and technologies will in theory emerge. Bug bounties make sense in the cryptospace – although Medium may disagree.

