Awards Offered to Hackers That Spot Vulnerabilities

By Dylan Walco,
Tech & Innovation Writer

The internet and the idea of inter-web connection have changed the world, by far for the better, yet like every good thing that comes along it has its flaws and hence can be corrupted by “the bad guys”. This past week the DoD, or the United States Department of Defense, opened the floodgates for hackers to register to win cash prizes for hacking the Pentagon and exploiting key bugs that allow expert hackers to collect cryptic data from U.S. intelligence. It truly does take a thief to think like one.

This past week ZDNet reported that the Pentagon partnered with HackerOne, a firm dedicated to supplying companies with top hackers and facilitating payments to them in return for their services. Since hacking is a truly specialized talent (even to this day), individuals who are able to uncover critical malfunctions can receive payments up to $10,000. This is still a rough estimate since the program was only allocated $150,000 in funding.

These kinds of bug bounty programs are not new, either. They have been used within the government in smaller-scale activities, and private firms such as Google, Facebook and Microsoft, which operate almost entirely online and have built complex and heavily scripted public websites, have used these “white hat hackers” to expose their shortcomings when it comes to spotty script or lackluster firewalls. But only recently have less tech- and innovation-savvy companies taken on this ideology as well. According to Wired, companies that produce medical devices, healthcare organizations, car companies and even home appliance makers have taken the initiative to make sure their customers’ information (including credit history, medical issues, etc.) is as safe and secure as possible.

Now the theory in general seems very reasonable: hire these Robin Hood hackers who reveal vulnerabilities, and in return they receive a hefty payment. But it goes deeper, and for this to become the norm within companies a couple of bugs must be fixed. One of the major ones is criminal background checks. Making sure that these individuals do not have malicious intent is key to the program running smoothly, especially when it comes to the U.S. Department of Defense.

Another major issue revolves around the response time it would take for the internal tech engineers to recognize and confirm an issue that the hacker may have found. Having programs like this is useful but adds to the overall workload of the company. A smaller firm that wishes to partake in something like this would have to allocate much more responsibility to workers. Communication would have to be constant and the margin of error would be very slim when it comes to protecting the integrity of the customer’s personal information.

It is a necessary good when it comes to strengthening the security of sensitive information, whether it be something as large as the DoD or a small startup firm. Once the bugs and moral issues of the bug bounty programs are dealt with, this has the potential to be the greatest application of stereotypical evil in the modern computer age. Hackers with their newfound light of public website evangelism can use what they have so long been shamed for, for the greater good. The future is bright and the open minds of many have the potential to truly secure the web.

A version of this article appeared in the Tuesday, April 12th print edition.

Contact Dylan at

