What are Bug Bounties?
Legacy signals
Legacy popularity: 1,015 legacy views
A bug bounty refers to the reward a bad-guy hacker gets upon discovering a vulnerability, weakness or flaw in a company's system.
This is akin to giving a reward to a burglar for pointing out weaknesses in your home's security.
But whom better to ask than a burglar, right? Same with a company's computer systems: The best expert may be the black hat or better, white hat hacker.
An article at bits.blogs.nytimes.com says that Facebook, Google, Microsoft, Dropbox, PayPal and Yahoo are on the roster of companies that are offering hackers bounties for finding "bugs" in their systems.
A "zero day bug" refers to an undiscovered flaw or security hole. Cybercriminals want to know what these zero day bugs are, to exploit for eventual hacking attempts. There is a bustling black market for these non-identified bugs.
Compounding the issue is that it is becoming easier for Joe Hacker to acquire the skills to infiltrate—skills that common hackers never would have had just a few years ago, and especially a decade ago. So you can see how important it is for businesses to hire the best at finding these bugs and rewarding them handsomely.
So yes, hackers are being paid to report bugs. The bits.blogs.nytimes.com article says that Facebook and Microsoft even sponsor an Internet Bug Bounty program. Such a program should have been started long ago, but it took some overlooked bugs to motivate these technology companies to offer the bounties.
Heartbleed is an example. Remember that? It was a programming code mistake that affected certain SSL certificates—which help protect users on a secure website. As a result, over a dozen major tech companies began an initiative to, as the bits.blogs.nytimes.com article says, "pay for security audits in widely used open-source software."
So as clever as bug bounties sound, it shouldn't be regarded as the be-all end-all solution. How about an incentive to get developers to implement secure, mistake-free coding practices? Well, companies are trying. And they keep trying. But with humans behind the technology, there will always be mistakes.
Article author
About the Author
Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.
Further reading
Further Reading
Article
Setting Goals – Things to Think About
We hear a lot about the steps we should take to achieve our goals, however unless we take the first steps to realistically consider who and what we are right now – our capabilities and interests – and think logically about what we’d like to accomplish, our chances of achieving our “goal” are slim to none. Here are a few things to think about when you’re trying to decide what you’d like to do. 1. Your goals need to be your goals Not your spouse’s or significant other’s, not your friends’, parents’, children’s, etc. - YOURS! 2.
Related piece
Article
Your Uber Driver May be a Criminal
Do you Uber? If you do, you probably feel pretty safe getting into the car of a stranger. However, you might not be as safe as you think.
Related piece
Article
Candy Bouquets with a Surprise in the Bottom
Being a mom who loves to celebrate Valentine's Day with her children just as much as she does with her husband, I am always on the look out for something fun, different, and inexpensive that I can do for the kids. Last year, our grocery store was selling cute candy bouquets, but the price tag was a hefty $30 for a maximum of $10 worth of supplies. After taking a couple of inconspicuous pictures, I began searching through the store for the same items that they had used to make their bouquets.
Related piece
Article
Celebrate World Password Day in 2016 With These Tips
Each year, researchers in security take the time to rate some of the worst passwords found on the Internet. While popular pop culture events have caused waves with the list of the worst passwords of 2015 - think "solo," "starwars," and "princess" - the worst passwords of last year were still the usual suspects, "password," "123456," and "qwerty."
Related piece