A vulnerability disclosure company such as HackerOne connects businesses with security researchers to resolve their security vulnerabilities. HackerOne’s network of 70,000 hackers has earned more than $10 million in bug bounty rewards for solving companies’ problems. The hackers, who range from teens to highly specialized academics to security pentesters with day jobs, are vetted through a reputation system that tracks what the individuals have done when they’ve identified vulnerabilities and reported them, Rice says. The framework lets people practice their hacking skills “in a way that demonstrates their good intent,” Rice says. Proven ethical hackers can then be invited to work on privileged projects, such as the “Hack the Army” event.
“Organizations realize that the only way to get ahead of criminals is to work with those with the skills but none of the [criminal] motivation,” Rice says. “It does take one to know one.”