In the TV show Mr. Robot it was repeatedly shown how easily a hacker can penetrate corporate systems. A guy in a hoodie sits in an internet café and gets the owner into trouble for hosting questionable services from the basement of his coffee shop - or how the same guy changes his blood results from the hospital bed by just using his phone. The show is critically acclaimed for using hacks that could be possible in the real world, specifically for it’s realistic approach to hacking. The show obviously has a little bit of Hollywood spice to it, but all in all quite a realistic view of hacking.
We started our Bug Bounty program in October of 2016 with the help of HackerOne. We have already for years invested in improving our overall security. Last year we were granted the ISO27001 certificate and now we want to take the security of our services to the next level.
We challenge hackers around the world to find vulnerabilities in our services. It is a logical step in our path to mature our security even further. We receive about 600,000 -700,000 attacks per day, so it is in our interest to get the best hackers on our side. Hackers can receive monetary rewards for reporting vulnerabilities to us. Automated scans and audits can only get you to a certain point and they only provide with a snapshot of the current situation in the services. With the help of this program we will have a continuous benefit and we can proactively display the level of security in our services.
We started the program off as invite-only, only inviting a limited amount of hackers. Thereafter we move into a completely public Bug Bounty program, that can be found here.
By joining the HackerOne community, we can in co-operation with the best hackers in the world improve the security of our services even more effectively. In the process also securing our own and our customers data better than ever before.
Information Security Manager
Visma Enterprise Oy