Bug bounty programmes offer hope for cyber skills gap

Bug bounty programmes could bring new minds into tech. Source: Intigriti

Half of survey respondents used bug bounty programmes to increase their security knowledge

Software is a massive industry, enabling fast, reliable operations even when everyone is working from home. Protecting those vital systems is key to ensuring work can continue; however, security professionals are increasingly finding that on-the-job training is not enough when it comes to keeping up with the rising scale and sophistication of attacks.

According to a new survey of nearly 1,200 ethical hackers by vulnerability disclosure platform Intigriti, security professionals are turning to bug bounty programmes - whereby white hat hackers can legally report bugs to an organisation for a reward - to keep their skills and knowledge up to date.

Half of the respondents to Intigriti's survey said they used bug bounty hunting to learn useful, relevant knowledge, compared to just 11% who said their job was their primary source. That makes bounty hunting the second-most-popular resource for developing general information security knowledge, just after the element that is tried and true across industries: practice.

The same was true for traditional education. Seventy-eight per cent of respondents said bounty hunting was the best resource for building a toolset of information about security, versus 8% who favoured a school, college or university.

The survey results may indicate that bug bounty hunting is a valid path to tackle the cybersecurity skills shortage: 32% of respondents were students, and 86% described themselves as 'part-time' bounty hunters.

The pandemic has also helped drive more people towards the practice. Compared with a similar pre-pandemic survey, 59% of respondents said they are spending more time bounty hunting - with 74% saying they were doing so to increase their skills, and just over half (53%) saying they saw it as a path to increase their earnings.

Intigriti's Head of Hackers, Inti De Ceukelaire, said:

"The work-from-home culture has made employees desire more independence and has further encouraged digital nomads to pursue a remote working career. Bug bounty platforms can not only facilitate this, but they also allow people to work wherever they want, whenever they want, and without having to rely on a boss to match their talents with customers or be part of a corporate hierarchy."
