To fulfill our mission of helping internet users “enjoy safer technology,” ESET has many tools at its disposal. This includes highly awarded security products, widely recognized malware research, and public security awareness and outreach via WeLiveSecurity. However, there is another critical tool that often falls under the radar: bug hunting.
ESET intensively cooperates and collaborates with other security vendors, professional bodies, and the talented open community of software developers, researchers, engineers, and, well … hackers. The hackers in question are the ethical type and may hold any of the aforementioned professions, or they may be students and coding enthusiasts who have a keen eye for anomalies in software code and product function.
This community constitutes an army of curious, dedicated, and talented ethical hackers who act as a network of global IT talent that ensures that software, including ESET security software, is as functional and safe as possible.
Organizing chaos — bug hunting at scale
Via globally available bug bounty programs, software of all kinds receives thorough crowdsourced testing conducted by an incredible diversity of talented bug hunters. From games and productivity platforms and financial applications, security-minded bug hunters help to de-risk and improve critical detection, protection, and analysis software that keeps the internet, the most fundamental piece of critical infrastructure, safe.
When imagining the diversity of software needed to operate the internet securely, and the multitude of other software interacting with it, we start to see the scale of the task of debugging and de-risking software. Since software (and its code) is constantly evolving, each iteration can and should be checked for bugs and vulnerabilities.
Via Hacktrophy, a Slovakia-based bug bounty platform, ESET and partnering organizations Citadelo and Nethemba, all active in cyber security, set out to help open another avenue to secure the internet and, as a beneficial side effect, advance opportunities for both local and global talent development. The results? Increasing interest in Hacktrophy’s platform from both ethical hackers and companies looking to test their apps, portals, and enterprise-grade software year over year — signals that both the mission and the goals are being met.
Hacktrophy has responded well to business demand and the growing pressure on software providers and security technologists alike to secure code. And just as software itself evolves, so is Hacktrophy’s approach evolving.
<image 1. Growth in Hacktrophy bounties>
“Simply, we are upping our game. Increasing the bug bounties at Hacktrophy reflects the significant growth of our platform, but more importantly, an understanding of the critical role that bug hunters play in creating a safe IT ecosystem,” explained Peter Katrinec, managing director at Hacktrophy.
Katrinec continued, “the COVID-19 pandemic has put an exclamation mark on that with a massive uptick in the exploitation of bugs, security issues, and large-scale vulnerabilities, which can bring global consequences.”
Hacking into a career?
Many IT talents enjoy a diversity of challenges, including coding in multiple languages, reverse engineering, penetration testing, and IT administration, all of which can be applied to bug hunting. Curiosity aside, bug hunting can lead to bigger rewards, whether in cash or opportunities to propel a budding cybersecurity career.
Cash rewards are usually paid out via bug bounty programs, which are supported by thousands of software vendors globally — vendors whose products are in the hands of everyone from governments, large organizations, and businesses all the way down to the billions of entrepreneurs and home computing, mobile, and IoT technology users. Getting involved with Hacktrophy’s bug bounty program is easy for both ethical hackers and businesses aiming to improve security.
Security, a growth industry
These IT talents can ethically apply their knowledge to search for vulnerabilities in projects and products. These platforms act as intermediaries between ethical hackers who are hunting for bugs and the companies that need to identify and patch them. For an idea of scale, among the largest bug bounty platforms, Verizon Media regularly tops rankings in total payouts, reaching over $9.4 million USD in 2019, with the largest single award paid out at a record-setting $70,000.
While cash motivations can be significant, contributing to security in this way opens many options — for example, careers in cybersecurity. From security administration to penetration testing to malware research, the scope of work open to people looking to help secure software is vast.
With digitalization intensifying, so is the number of threat surfaces and other risks to the internet as a piece of critical infrastructure. Hacktrophy addresses this via a diverse set of service packages that cover short-term reviews of smaller applications, long-term testing where software may have a role in the collection of regulated data, and customized service packages delivering scheduled tests, audits, and other custom projects.
Motivated? Ethical? Interested?
You can check out the ESET vulnerability reporting portal here, or register with Hacktrophy to share your brief, or for hackers … access a diversity of projects and cash bounties that may suit your specific interests and skills.