The upshot of the information age is that “software is eating the world”. In a rush to create digital code and services, companies competing to be the first to market do not prioritise cyber security — even though security problems and software bugs are a known certainty. When even secure organisations experience data breaches and security incidents, it is clear they need all the help they can get.
Surprisingly, software giants now encourage hackers to hack them. Companies such as Google, Microsoft and Facebook have been doing this since 2010, in what are called “vulnerability reward programmes”, or more commonly “bug bounty programmes”. In an echo of the American wild west, companies offer independent security researchers the chance to win rewards and recognition for identifying critical security problems — software vulnerabilities that could put us all at risk.
While 2016 may have been “the year of the hack”, including the huge denial-of-service internet outage in the US in October, 2017 could be “the year of the friendly hack”. There are more bug bounty programmes in traditional industries, outside Silicon Valley.