
Why Bug Bounty Program Firm HackerOne Is Gamifying Cybersecurity

  • Written by Brian Buntz
  • 9th August 2018

The chief executive officer of HackerOne, maker of a quickly growing bug bounty program platform, draws inspiration from eSports

The startup HackerOne doesn’t fear hackers. It glorifies them. Elite security researchers using the firm’s bug bounty program are commemorated on comic book covers the firm commissions. The company plasters the faces of some of its most talented hackers in its promotional materials and, earlier this year, extolled their talents in a discussion before the U.S. Senate’s Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security.

The fundamental goal of the company is, of course, aligned with that of traditional cyber firms: They want to help their clients reduce cyber risk. But the company’s financial model stands out from many in that its clients pay for quantifiable results. If a security researcher identifies a valid security bug that its internal vulnerability response team validates, then the client pays for that disclosure. “You know it’s money well spent,” said HackerOne’s Chief Executive Officer Mårten Mickos. “It’s a bit like going to the dentist. If they don’t find anything, you’re happy. If they do find something, you are glad they found it.” If researchers find a minor or major vulnerability, the payout is proportional.

HackerOne isn’t the only company to offer a bug bounty platform. Bugcrowd and Synack provide similar crowdsourcing-based offerings. In addition, large tech companies such as Apple, Facebook, GitHub, Google and Intel offer bug bounty programs. But HackerOne is the biggest firm of its kind and is rapidly expanding. It’s grown its head count from 60 to 140 in the past year. According to Crunchbase, the company has raised $74 million to date, after scoring $40 million in Series C funding earlier this year. “We have more money in the bank than [our competitors] have raised,” Mickos said.

The number of verticals the company works with is expanding from an initial focus on consumer-facing companies to include health care clients, automotive firms and government agencies such as the European Commission, the U.S. General Services Administration and the U.S. Department of Defense. Internet of Things applications are a growing focus, but Mickos also stresses that many IoT devices are equipped with or attached to user interfaces on mobile apps, websites or internal networks. “IoT security is not just a matter of securing the device. It’s also a matter of securing the software that operates on the device,” Mickos said. “We will not stop at anything. We do Web, IoT, mobile, API, on-prem software and CPUs.”

As organizations continue to deploy more connected devices and the level of cyber awareness steadily increases, so does the volume of cybersecurity products, vendors and noise. While time-worn defenses such as firewalls, encryption, threat detection software and so forth are all essential, a cybersecurity strategy based solely around discrete cyber products can offer unclear benefits.

As of May 2018, cybersecurity professionals using the HackerOne platform have identified 72,000 vulnerabilities.

As the company’s community matures, so does the quality of the incoming reports from cybersecurity researchers. In 2015, 68 percent of the cybersecurity reports in public programs had either clear or nominal benefits for the organizations launching the programs. In 2017, that number had climbed to 74 percent.

Mickos is upbeat that HackerOne will become more effective at identifying vulnerabilities as it experiments with pooling the resources of elite hackers. At Black Hat, the company is launching a live cybersecurity event with 100 of its most elite hackers flown in from across the world. “They are collaborating with each other, competing against each other,” Mickos said. In the future, the firm plans to build on this experiment, drawing gamification lessons from the world of eSports to magnify the talents of hackers. “We are already good, but we could be better,” Mickos said.

2 comments

  1. Howard Tarler 9th August 2018 @ 8:16 pm

    How can the client be sure that the bug wasn’t placed by the hacker that “discovered” it?

  2. Brian Buntz 14th August 2018 @ 12:50 am

    There’s a review process companies like this use before the money is paid to the hacker. In theory, if the hacker inserted a bug and then “discovered” it, that person wouldn’t get paid.
