Pay the good guys and girls more!  

It seems like every day there is a new hacking story. In an attempt to better protect themselves against vulnerabilities, many organisations and governments offer Bug Bounties.

A Bug Bounty is a financial reward for ‘White hat’ hackers (the good guys and girls) who find vulnerabilities before the not-so-ethical hackers do.

For example, Arne Swinnen (@arneswinnen) published details of how two-factor authentication phone calls could be abused to steal large amounts of money from the likes of Facebook, Google and Microsoft. The companies didn’t verify the phone numbers that their users supplied to receive a security token for authentication. An attacker successfully exploiting Google’s call-back system could potentially earn as much as $1755 a day, or over $640k a year.

For his great work, Arne received $661. [1]

We are now in the age of IoT, with anything from a fridge to a car being digitally connected. Cars can now be hacked [2]; check out the link below. Imagine driving down the highway at 100km per hour and suddenly your ignition cuts out. We are no longer talking about data loss or financial loss, but loss of life. Simply put, the more technology a car contains, the more hackable it is.

Fiat Chrysler Automobiles will pay a MAXIMUM of $1500 (USD) as part of their bug bounty, a figure that has been described as “laughable”. [2]

Governments are also taking action. The Pentagon recently invited 1400 hackers to participate in ‘Hack the Pentagon’; one of those participants was 18-year-old David Dworken (@ddworken). The result was 138 eligible bug reports and around $75,000 (USD) paid out through the program.

It’s not bad money, I just think that, for the time it takes to develop such skills and the potential losses involved, there should be better rewards.

In my opinion, organisations and governments need to better reward those who are doing great work in protecting people’s data, stopping financial crime and even saving lives, and to better incentivise those who might be on the fence by showing that ethical hacking can be rewarding.

Thanks for reading. Please share your opinion, I would love to hear more.

Ricki Burke – Recruiting the best Security (InfoSec/ Cyber Security) professionals across Australia