Global software corporations are turning to hackers for help identifying cybersecurity vulnerabilities in their networks and systems.
Surprisingly, even conservative government agencies are beginning to welcome bug bounty hunters. For example, the U.S. Department of Defense (DoD) recently announced its search for a commercial bug bounty company that conducts crowdsourced vulnerability discovery and disclosure.
Companies that run bug bounty programs allow outside security researchers and white hat hackers into their networks in order to expose their vulnerabilities in a relatively controlled and managed environment. Microsoft, for example, is willing to pay up to $100,000 for the discovery and identification of some cybersecurity vulnerabilities.
A $100,000 reward may seem like a generous sum, but the reality is that security researchers or black hat hackers are able to cash in for a significantly larger prize if they’re willing to go a slightly less moral route. Because of this, there will always be two opposing forces on either side of the bug bounty market.
Nowadays your devices hold all the information a hacker needs to launch further attacks on you. To stay away from threats like this, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company's network. These tests include penetration testing and ethical hacking tests.
On the other side, black hat hackers will trade in their morals and share vulnerabilities that are almost sure to be used for nefarious purposes. For example, a former employee of NSO Group recently attempted to sell spyware products on the Dark Web for $50 million in cryptocurrency but was later arrested in June.
Keep in mind that bug bounties aren’t always black and white, however; a gray area also exists. Some companies acquire premium zero-day vulnerabilities with functional exploits and report them, along with protective measures and security recommendations, only to their corporate and government clients. There are also quite a few companies that develop or buy vulnerabilities.
Zerodium, for example, buys zero-day vulnerabilities to create and sell tools, paying no less than $1.5 million for an iOS vulnerability that doesn't require the victim to click or do anything before infection.
While it may seem that these companies aren't using vulnerabilities for the same nefarious purposes as those on the black market, the fact remains that they are profiting from vulnerabilities while failing to disclose them publicly.
The good news here is that globally we’re shifting in a good direction, however slowly. The bottom line is that we need to encourage ethical hacking and promote public disclosures if we want better products that keep us safe.
Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network; such tests include penetration testing and ethical hacking.