The company says its hackers, who come from 70 different countries, with India in the top spot ahead of the United States, have fixed more than 35,200 bugs.Ī few are superstars, such as Mark Litchfield, who is based in Las Vegas. HackerOne, which started in 2012 in San Francisco, now has a stable of 3,500 white hat hackers each of whom has found at least one bug, Abma said. When they find flaws in computer systems, “they don’t sell it on the black market,” he added. “A lot of the people who are currently in (computer) security have done things that they shouldn’t have done, legal-wise, but never with the wrong intention,” Abma said. He said one of the only ways to become a skilled hacker is to break into computer systems.
Jobert Abma is a cofounder of HackerOne, a bug bounty marketplace that brings together experienced hackers and companies willing to pay them to look for vulnerabilities. “If you don’t pay them enough, there’s the fear they could go rogue.”Įven if they don’t prove to be scoundrels, she said, a concern is that they may have “contacts on hacker forums who might not be on the right side of the law.” “It’s kind of a risk for companies in that you’re paying people to find flaws in your system,” said Katrina Timlin, who works in the strategic technologies program of the Center for Strategic and International Studies, a Washington think tank. Instead of the term “hackers,” Synack refers to its penetration testers as white hat security researchers. “When you talk to customers, ‘hackers’ can sometimes be a little bit scary,” acknowledged Jay Kaplan, chief executive of Synack, a Redwood City, California, company that crowdsources vulnerability for clients.
Asked what illegal hacking he had done, the Dutchman said, “I do not want to answer that question.”įor corporations looking to improve digital security, the idea of flinging network gates open to hackers, some of whom won’t even identify themselves, can be nerve-jangling. “I’m one of the white hat hackers who’s been a black hat hacker,” he said.
0 kommentar(er)
