Hacking is no longer a naughty word. Google, Facebook, and Microsoft are employing hackers to help them test products and services. Even the government has employed hackers to test its cybersecurity. Could employing a hacker help your company? Below are five examples of how organizations are using friendly hacking to improve their business:
In 2013, Facebook had a rude awakening. A computer science student exploited a vulnerability in the social network and posted a letter to Mark Zuckerberg’s page. The student, Khalil Shreateh, had tried to notify the team beforehand, but they claimed it was not a valid threat. By that time, Facebook had already established a bug bounty program, but this incident made them take a bit more notice. Now participants in the program can report security bugs in Facebook or its qualifying products, such as Atlas, Instagram, Moves, Oculus, and WhatsApp.
Earlier this year, the U.S. Department of Defense (DoD) launched the Hack the Pentagon program. The program enlisted professional hackers to discover weaknesses in the DoD’s public websites, applications, and security systems. The government recently expanded the program to Hack the U.S. Army. The new program focuses on hackers finding vulnerabilities in “mission critical” parts of the Army’s infrastructure.
Google has several bug bounty programs set up. One of the highest-paying programs is for their Chromebook. The company increased the reward after seeing persistent compromises. Google is not slowing down with new products, so their bug bounty programs will continue to grow.
Last year, United Airlines became the first airline to start a bug bounty program. Security expert Chris Roberts discovered security flaws in the in-flight entertainment systems. United Airlines didn’t recognize his discovery as eligible for a reward, but the ordeal helped them set up their program. The airline rewards hackers with mileage points.
Due to the high demand for hackers, cybersecurity firms are beginning to spring up. Companies like Synack, HackerOne, and Bugcrowd provide security experts for hire. These experts test new products and services to find bugs. The government has given a yearlong contract to both HackerOne and Synack. Bugcrowd has worked with companies like Fitbit and Fiat.