Marten Mickos, CEO of HackerOne, details the benefits of bug bounties, and why their success at the Defense Department is making waves throughout government.

The Department of Defense is one of the biggest proponents of bug bounties in the federal government. In 2016, the Hack the Pentagon program found numerous vulnerabilities in public-facing websites, and paid out $75,000 to security researchers. To continue the cybersecurity initiatives, the Pentagon has contracted with three Silicon Valley companies to promote and administer the contests.

Marten Mickos, CEO of bug bounty contractor HackerOne, says that the programs will help the government maintain security by consistently bringing in outside eyes. “As the deputy attorney general said… every organization should have a way of receiving vulnerability reports from the outside,” Mickos said.

Mickos told Government Matters that bug bounties are growing in popularity, and predicts that they will become a major part of government cybersecurity in the near future. “It will become much more prevalent. We are already seeing DOJ, FTC and others recommending it to other organizations. I think we’ll see a big uptake of it. We’ll see the risk of data breaches going down and ultimately the number of data breaches going down,” Mickos said. “The ship is turning but it will take a few years before we really can see improvement in cybersecurity.”