
Jake Murphy and open source image of a hacker
(Image by Jake Murphy and theinquirer.net)
Rob: Jake Murphy is a hacker. But he's a good guy. He helps protect companies and organizations from vulnerabilities in their websites and software. He's ranked by one organization as among the top 150 out of 60,000. Jake, tell us about the organization that ranks you so high out of 60,000.
-Bugcrowd is a third-party service that connects talented security researchers with major clients (examples include Tesla Motors, Western Union Bank, Jet.com, etc.). They validate the hacker's reports and send them to the company where the vulnerability was found. These vulnerabilities are then patched, and payment is handled by the Bugcrowd entity.
Rob: Can you give a few examples of what your work involves?
-My work involves assessing web applications/software for any sort of vulnerability that can be exploited by a malicious attacker. I typically work on websites, and report anything I find in an effort to keep companies safe and secure.
Rob: Describe a few cases.
Patagonia Clothing
-Within the last year, I have worked with Patagonia Clothing to fix a vulnerability allowing access into a database containing confidential information on over 5 million customers (usernames, passwords, credit card numbers, etc.). Rather than use this for personal gain, I reported it to their Security Engineer and worked with him to patch it. You can read more about it at edmurphy1.blogspot.com/
Department of Defense
-I have worked with the Department of Defense to fix two critical vulnerabilities allowing access into back-end databases of both the Army and the Navy.
Rob: Can you tell us more about this work for the Dept. of Defense -- how you found the vulnerabilities? I'm guessing you fished around and found it, then told them about it.
-The majority of the work is confidential; however, I was a participant in their bug bounty program published on HackerOne. HackerOne is the no. 1 bug bounty and vulnerability disclosure platform, connecting more than 750 organizations to the world's largest community of trusted hackers. They have resolved more than 38,000 vulnerabilities and awarded more than $14M in bug bounties.
Renweb Grade Management Software