A young bounty hunter discovered a security vulnerability in Instagram that allowed him to delete account information. Paul Farrington, Senior Solution Architect at Veracode, explores the value of bounty programmes.
Paul Farrington, Senior Solution Architect at Veracode:
“That once again a young adult was able to learn techniques picked up from YouTube and online articles to successfully hack a high profile brand continues to demonstrate the value of Bounty programmes and responsible disclosure to companies.
“For while in this case, no users’ content was at risk as the bug was found as part of a bounty programme, organisations can’t all rely on ethical hackers to find the flaws for them. Malicious actors are constantly applying the same techniques to websites and applications, and breaches or unwanted activity can be expected as a result. Indeed, last year Gartner suggested more than 75 per cent of mobile applications would fail basic security tests.
“With growing awareness of application security, bounty programmes provide those with good competences in IT to explore this domain, providing them with a safe and positive system in which to do it – with the added monetary incentives. Indeed, only recently Rene Wysopal, Veracode co-founder Chris Wysopal’s daughter, demonstrated she’d inherited her father’s curiosity and prowess for application security when she discovered a valuable bug as part of Facebook’s bug bounty programme.”