Bug bounties are a vendor’s shortcut to software vulnerabilities – UPDATED 26 April 2022

This post was first published on 19 April 2022

Following up on the article below, here is a real world example of bug bounties working to improve cybersecurity.

The US Government’s Department of Homeland Security (DHS) invited a group of security researchers to test its systems, and they uncovered 122 vulnerabilities in DHS systems, 27 of them rated critical. DHS now knows about those flaws and can fix them.

Homeland Security bug bounty program reveals 122 holes • The Register

Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities | ZDNet

There will be people who say those flaws should not have been there in the first place. They are right, but they are also showing how little they know about how complex IT systems behave in the real world. Cyber security works best when it balances two instincts: “keep it secret”, because we do not want the hackers to know this stuff, and “expose the issues to sunlight”, because the hackers hate it when we share what we find, as they can no longer exploit it in the dark corners of our systems.

The bottom line is – find out if you have a problem and fix it (hopefully) before it is exploited.

Clive Catton MSc (Cyber Security) – by-line and other articles


Microsoft has increased the bug bounties for significant vulnerabilities in key software:

Microsoft Dynamics 365 and Power Platform

Further Reading

Bounty Everything by Ryan Ellis & Yuan Stevens – (datasociety.net)

bug bounty stories at Smart Thinking Solutions