The Big Business of Smashing Bugs

Posted by Andre Holmes, Oct 11

NEW YORK — Mr Frans Rosén is a tech entrepreneur by day and a bug bounty hunter by night. The co-founder of Detectify, a security startup in Stockholm, spends his evenings scouring websites for vulnerabilities cybercriminals could exploit. Since he began moonlighting in 2012, he’s collected US$100,000 from companies in reward for tipping them off to flaws he unearthed. “Seventy to 80 per cent of the bugs I find are not detectable by software,” says Mr Rosén, 29, who manually combs through line after line of code.

As the pace of app rollouts, website launches, and software upgrades picks up, more companies are relying on freelancers to uncover flaws. When spotted by malicious hackers, defects can open the door to devastating zero-day attacks.

Google and Microsoft have long offered rewards to those who report serious flaws in their products. More recently they’ve been joined by a handful of startups that run bug bounty programs for other businesses. “Any company that is creating technology will have bugs,” says Mr Alex Rice, who managed Facebook’s bug bounty program before co-founding HackerOne in 2011.

The San Francisco-based startup has paid a total of US$2.2 million in rewards on behalf of clients including Twitter; Secret, a social media platform; and mobile payment company Square. It makes money by charging customers a 20 per cent commission on top of each bounty. Customers determine the size of the awards. HackerOne’s network of independent hackers spans 150 countries, according to the company. Mr Rosén says he has HackerOne to thank for his biggest haul: US$1,600 for a flaw he unearthed in Vine.com, the video-clip platform owned by Twitter.

Yahoo! ran its own bug bounty program for years, rewarding hackers with mugs and T-shirts. In 2013 it introduced a virtual “wall of fame” and monetary awards. “We created different tiers of bounties, from US$50 to US$15,000, established case by case based on the seriousness of threat,” says Mr Ramses Martinez, Yahoo’s senior director for investigations. After meeting with Mr Rice, Mr Martinez decided last year to outsource the program to HackerOne. “It really streamlined the whole process,” he says. “We’re working with folks we normally wouldn’t work with because they are spread around the world.”

The cybersecurity market is projected to expand from US$95.6 billion in 2014 to US$155.7 billion by 2019, according to MarketsandMarkets, a consulting firm. HackerOne “is the perfect solution at the right time,” says Mr Bill Gurley, a partner at Benchmark Capital, which last year invested US$9 million in the company. HackerOne competes with a handful of other startups, including Bugcrowd, Synack, and Crowdcurity.

While its client roster is heavy with tech companies, HackerOne is also chasing customers in the health, banking, retail, and telecom industries. Mr Rice acknowledges that winning over major companies won’t be easy, despite high-profile hacks at Home Depot, Sony Pictures, and JPMorgan Chase. Letting a third party like HackerOne run your bug bounty program “is more innovative than most public companies are ready for,” he says.