What is ethical hacking?
An ethical hacker (also known as a white hat hacker) is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker (or a black hat hacker). They both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.
An ethical hacker’s role is similar to that of a penetration tester, but it involves broader duties. They break into systems legally and ethically. Legality is the primary difference between ethical hackers and malicious hackers.
Safaricom reward programme
Telecom operator Safaricom is launching a programme to promote and encourage ethical hacking and responsible disclosure of bugs or vulnerabilities found in any of its products and services.
The target groups are university and college students, innovation centers like iHub and iLab, cybersecurity forums such as Africa Hackon, ISACA, and hackathons.
Through a partnership with HackerOne, a cyber-security company, hackers can submit any bugs they find in a confidential and responsible manner. The HackerOne team then vets and triages each submission independently.
“The reason for starting this program was to encourage hackers to report any bugs/vulnerabilities that they may find in Safaricom’s products and services to Safaricom in a confidential and ethical manner instead of exploiting them or disclosing them to the public,” said Thibaud Rerolle, Safaricom’s Technology Director.
According to the firm, if the issue is found to be valid, HackerOne will then forward it to Safaricom for confirmation before rewarding the hacker for their effort.
Mr. Rerolle said the award can range between Sh25,000 ($250) and Sh200,000 ($2,000) depending on the severity of the bug.
“The HackerOne platform is used by many Fortune 500 companies – the likes of Facebook, Google, Microsoft, Apple and even the US Department of Defence,” said Mr. Rerolle.
As of July 2018, HackerOne’s network consisted of approximately 200,000 security researchers, had resolved over 72,000 vulnerabilities across over 1,000 customer programs, and had paid over Sh3.1 billion ($31 million) in bounty rewards.