“When people think of the word hacker they often think of a bad person,” he explained, adding that “for us at HackerOne, if you use your hacking skill to find vulnerabilities, and then report those vulnerabilities to the companies affected so they can fix them, that is an ethical hacker.”
He stated that those who undertake hacking for nefarious purposes should simply be labelled “criminal.”
HackerOne is a company that works with the global hacker community to uncover security vulnerabilities in organizations throughout the world. Prins revealed it now has over 2,000 customers on its platform with 900,000 hackers signed up to it, who together have so far discovered around 200,000 vulnerabilities.
He explained that it was much trickier starting out back in 2012, however, with limited response from many organizations when it contacted them about security weaknesses it had uncovered. It was those companies “born on the internet” such as tech firms in Silicon Valley that were far and away the most receptive to the concept of ethical hacking.
This is now changing, according to Prins. “Over the years, we’ve seen more traditional companies start to embrace it, from big banks like Goldman Sachs all the way to government institutions like the US Department of Defense,” he said.
Working with these more conventional organizations has meant that as well as finding vulnerabilities, it is also important for an ethical hacking service such as HackerOne to help provide the solutions. Prins commented: “You definitely need a process in place that allows you to remediate vulnerabilities, and typically those have to happen fast because if you find a critical vulnerability you can’t wait a couple of weeks to start fixing it.”
He outlined that the types of vulnerabilities discovered vary significantly, ranging from gaining access to sensitive data to being able to open a bridge.
Source: Infosecurity Magazine