Following the news that white hat hackers have found more than 100 vulnerabilities in the Pentagon’s infrastructure under its bug bounty program, Ken Gannon, security consultant at MWR InfoSecurity, commented below.
Ken Gannon, Security Consultant at MWR InfoSecurity:
“A big part to take away from all of this is US Defense Secretary Ashton Carter’s statement saying that the cost of vulnerability discovery dropped because of the bug bounty program. This is the thought process other companies should be adopting; bug bounty programs are beneficial to companies. Malicious researchers and black-hat hackers are constantly finding vulnerabilities and not disclosing them for personal gain. This leads to the internet becoming a less secure place overall, which is bad for the companies and the users alike.
“A bug bounty program makes a company more enticing for good researchers to find those same vulnerabilities and responsibly disclose them. Bug bounty programs have already helped big companies like Facebook and Google to make their product more secure for everyone. So it’s good that the US government was able to acknowledge the idea of a bug bounty program to fix their web sites and I hope more companies realize how beneficial bug bounty programs can be and start their own bug bounty programs.”