Inside the big bad business of smashing bugs
New marketplaces let cos tap the skills of ethical hackers

Frans Rosén is a tech entrepreneur by day and a bug bounty hunter by night. The co-founder of Detectify, a security startup in Stockholm, spends his evenings scouring websites for vulnerabilities cybercriminals could exploit. Since he began moonlighting in 2012, he's collected $100,000 from companies in reward for tipping them off to flaws he unearthed.
As the pace of app rollouts, website launches, and software upgrades picks up, more companies are relying on freelancers to uncover flaws. When spotted by malicious hackers, defects can open the door to devastating zero-day attacks. Google and Microsoft have long offered rewards to those who report serious flaws in their products. More recently they've been joined by a handful of startups that run bug-bounty programs for other businesses. "Any company that is creating technology will have bugs," says Alex Rice, who managed Facebook's bug bounty program before co-founding HackerOne in 2011.
The San Francisco-based startup has paid a total of $2.2 million in rewards on behalf of clients including Twitter, Secret, a social-media platform, and mobile-payment company Square. It makes money by charging customers a 20% commission on top of each bounty. Customers determine the size of the awards. HackerOne's network of independent hackers spans 150 countries, according to the company.
Rosén says he has HackerOne to thank for his biggest haul: $1,600 for a flaw he unearthed in Vine.com, the video-clip platform owned by Twitter. Yahoo! ran its own bug-bounty program for years, rewarding hackers with mugs and T-shirts. In 2013 it introduced a virtual "wall of fame" and monetary awards.