360 Total Security Blog

3 outside resources to make today’s security services even more secure

Cybercriminals we are facing today have gone far beyond what traditional security products can handle; therefore, new solutions and weapons have been introduced to keep us protected. In addition to taking approaches such as frequent updates, artificial intelligence and other add-ons, security vendors also leverage outside resources to enhance the security level for users.

Bounty programs – External resources to bring big savings and better security

A bounty program is a deal offered by many websites and software developers to motivate individuals to report bugs, exploits and vulnerabilities in the Internet services, software, sites and apps in exchange for rewards.

Bug bounty programs create benefits to companies and developers, who can thus discover unfound vulnerabilities in regular penetration tests and security audits, and provide fixes before these vulnerabilities are exploited and cause tremendous losses.

Meanwhile, bug bounty hunters can get positive recognition and compensation (usually monetary) by delivering bugs to the companies instead of publicizing them or even selling them in the black market.

Since bounty programs have become an effective tool to prevent potential vulnerability exploits, an increasing number of companies, including Facebook, Apple and even Pornhub (yeah, the world’s largest pornography site), have initiated their own bounty programs to make their products more secure.

Cybersecurity Conferences – Get the latest security trends and technologies

New cyber schemes are being created everyday by day, how to always stay ahead of them? Participating in a cybersecurity conference may be one fast way to engage in the latest technologies.

There are a number of cybersecurity conferences held around the globe every year, including DEFCON, RSA Conference, and Black Hat Briefings. Security experts, professionals, vendors, and government representatives gather in these security events to share their thoughts and know-how toward the latest security trends and technologies and get inspired from each other.

An information security conference values not only its participants or cyber-security professionals, but everyone who lives in this modern era. With mass media spreading the word, the pubic are also more aware of the potential threats, actions to take, and applicable tools.

Hacking competitions – Crack to get bounties, legally.

A hacking competition is another security event similar to a bounty program, which offers rewards for contestants to crack a service and find its weakness. Participants are assigned to break into a 3C product or an application, like a smartphone or a web browser, within limited time. Anyone who succeeds to conduct the hack can take home large cash prizes and gain reputation.

Famous hacking events include CTF (Capture the Flag) contest in the DEF Con, and Pwn2Own in CanSecWest security conference, in which 360Vulcan team hacked Google Chrome within 11 minutes last year.

Internet or security companies often sponsor these competitions or provide additional cash rewards. For instance, Google sweetened the rewards by offering an extra $20,000 cash prize at Pwn2Own 2011 to the one who broke into its Chrome browser.

These multi-pronged approaches offer a great deal of advantages for the entire information security field and bring benefits to the users. Hackers (Do you know hackers are not all bad?) can drive innovation in a bounty program or a hacking event. Meanwhile, by integrating the talent of enthusiasts and professionals, the security vendors can improve their strategies and products constantly to protect all the users against malicious actors.