Freelance elite hackers can make more than $500,000 a year searching for security flaws and reporting those issues at big companies like Tesla and organizations like the Department of Defense, according to new data released by ethical hacking platform Bugcrowd.
The company, founded in 2012, is one of a handful of so-called "bug bounty" firms that provide a platform for hackers to safely chase security flaws at companies that want to be tested.
Hackers work on a clearly defined contract for a specific company and get paid a bounty when they are able to find a flaw in a company's infrastructure. How much they're paid depends on how serious the problem is.
Companies are increasingly looking for alternatives for cybersecurity testing as millions of jobs in the field go vacant, said Bugcrowd CTO Casey Ellis. By some estimates, as many as 3.5 million cyber jobs may be left open by 2021.
Last year, the company saw its largest payout for a single exploit — $113,000 for a bug found at a large tech hardware company, Ellis said. Payouts rose 37 percent year over year in 2018, according to the data.
Half of the ethical hackers — or security experts hired to penetrate networks and computer systems on behalf of their owners — reported having full-time jobs, according to the survey. About 80 percent said the endeavor helped them land a job in cybersecurity. For the top 50 hackers, the average yearly payouts were around $145,000, Ellis said.
According to Ellis, the hackers making the most money have certain essential skills.
"They found a particular vulnerability class and they go after that over and over again at different companies. They will go all around cyberspace and try to find as many opportunities to exploit that vulnerability as they can," Ellis said.
"They also have good reconnaissance skills and are able to operate on an understanding of what might cause the most damage to an organization. A good sense of how businesses work, or how their infrastructure is built, is really helpful," he added.
And while 94 percent of Bugcrowd's hunters are ages 18 to 44, several are still in high school or middle school. The cost of entry is low and based on skills, Ellis said. About a quarter of the hackers on the platform do not have a college degree.
In order to protect against cyberattacks, companies have been using a range of methods to allow people with hacking skills to test their defenses. Some companies use in-house penetration testers, often putting them on so-called red teams to play the role of a malicious collective trying to take down corporate servers or steal information.
Others use consulting firms that offer this service, or bug bounty companies like Bugcrowd, HackerOne, Synack and Cobalt. Or they simply make a reporting email available for anyone who finds issues to reach out to them.
The bug bounty programs offer a more formalized approach, with rules that the hackers must follow, such as not jumping from a server to be tested to other servers with more sensitive data, Ellis said.
IJet and Tesla pay hackers $1,000 to $15,000 for finding problems, depending on the severity of the issue. Mastercard pays up to $3,000. In October, the Department of Defense awarded "Hack the Pentagon" contracts to Bugcrowd, Synack and HackerOne for their crowd-sourced programs.