Using Bug Bounties to Squash Cyberattacks

December 19, 2017
Updated 6mo ago

Sometimes the best way to fight fire is with fire. That's the idea between bug bounty programs using hackers to identify vulnerabilities in the cybersecurity systems of organizations. David Baker, Chief Security Officer at Bugcrowd, a bug bounty management company, explains how his company is exterminating cybersecurity threats.

Baker says the key to cybersecurity is transparency and adds that bug bounties are a way of fostering a relationship between hackers and companies. Uber's massive hack that impacted over 57 million people wasn't due to the absence of a bug bounty program because the ride-hailing company has a robust system in place, according to Baker. He says that from an ethical perspective, Uber's handling of the hack was bad and "they broke the law."

Bugcrowd is working to boost transparency in the cybersecurity space. To do so, it is launching a new tool, called Traffic Control, to give companies more insight and control of their bug bounty programs. The tool allows organizations to uncover additional return on investment from crowdsourced security testing with enhanced visibility into researcher activity, says Bugcrowd.