Monday, April 14, 2014

HACKER WAS PAID FOR FINDING HEARTBLEED



Thank the hackers. This week's Heartbleed vulnerability has everyone running scared (see box below to read what you might do to protect yourself). The serious crack in the foundations of the supposedly secure internet was revealed earlier this week by a software engineer probing website security in his spare time. He received a cash bounty for his work, which he then donated to the Freedom of the Press Foundation, an organisation that funds encryption tools for journalists.
The idea of publicly rewarding people who discover bugs could greatly improve internet security. New Scientist spoke with Merijn Terheggen, CEO and co-founder of HackerOne, the platform through which Google's Neel Mehta received his $15,000 reward. Terheggen hopes that Heartbleed will be the first of many vulnerabilities HackerOne turns up. If his vision is fulfilled, then the rewards for discovering these dangerous holes in internet security will ramp up quickly, both in financial and reputational terms.
How can crowdsourcing fix the internet?
Any bug can be found if enough people are looking for it. We want to adopt a similar model to Wikipedia for securing the internet. Ten years ago no one would have ever believed that an encyclopaedia written by random strangers from the internet would be better than the Encyclopedia Britannica, but that's the power of crowdsourcing. HackerOne builds both financial and reputation rewards right into the process of vulnerability disclosure.
