White Hat Hackers Ferret Out Vulnerabilities

In an interview on the CyberVista site, Debby Chang of HackerOne discusses ethical (white hat) hacking. Ethical hackers are often employed by companies that fear their cybersecurity systems have left vulnerabilities unpatched and use White Hats to add an extra layer of protection. According to Chang, ethical hackers are motivated by their interest in finding vulnerabilities, an interest in protecting brands that they like and the desire to improve their skills. She noted that less than 15 percent of the 350,000 hackers that partner with HackerOne are driven by so-called bug bounty payouts, payments that are given to researchers who discover security vulnerabilities. She says that while penetration testing has become more common today, continuous vulnerability testing provides greater value. Her organization has coordinated bug bounty programs with the U.S. government. The first iteration of Hack the Pentagon alone uncovered 138 “unique, legitimate, and eligible for a bounty” vulnerabilities. Companies that use the service include Apple, Salesforce, Twitter, and Microsoft.