HackerOne Co-Founder Details the Value of Bug Bounty Programs
VIDEO: Alex Rice, co-founder and CTO of HackerOne, discusses the benefits of bug bounty programs and why organizations can never buy every software bug.In recent years, it has become increasingly obvious that bug bounty programs can be effective tools to help organizations secure application code. At one time, bug bounty programs were the realm of large organizations only, but that has changed in the last few years, thanks to the emergence of bug bounty platforms, such as HackerOne and its rival Bugcrowd. In a video interview with eWEEK, HackerOne co-founder and CTO Alex Rice explains where the roots of his company come from and how bug bounty programs can work to help improve security for us all. "HackerOne is a technology platform that helps people that are interested in working with hackers, and [helps] the security community put a lot more structure and process around how they engage with that community," Rice told eWEEK. From a financial perspective, bug bounty programs typically involve an organization paying a reward or a bounty to a security researcher for responsibly disclosing a vulnerability. Rice explained that when an organization chooses to reward a researcher, a commission is paid to HackerOne. If there is ever a time when bugs are no longer found in software, Rice noted that HackerOne would be out of business, but he doesn't expect that to happen any time soon.
Rice emphasized that while HackerOne has a platform that can enable bug bounties, it's ultimately up to his customers to decide what they want to reward and what type of bugs are actually important.