Hackers now serve as researchers into our products, capable of discovering and correcting faults, bringing a clear competitive advantage.
GM has just closed a deal with HackerOne, the cybersecurity company run by Mårten Mickosthat specializes in bug bounty programs that pays hackers to discover vulnerabilities. The company, which raised $25 million in June, adding to the founders’ $9 million, is trying to change the image of hacking at a time when just about everything is hackable in one way or another.
Following the scandal last year after Andy Greenberg’s Jeep experiment in Wired, the automobile industry has accepted that its vehicles, as with any other programmed product, are vulnerable to hacking and that it is better to pay people to find those weaknesses and make its cars safer in the process.
GM’s decision to work with hackers, based on a list of eight rules, is an important one for a company that would once have seen these kinds of practices as illegal. The idea of working with an outside company to improve its products is based on a chilling logic: if it doesn’t, it runs the risk that other people will find those faults, exposing the company to legal responsibilities. Obviously, getting hackers to fix your products and leverage on hacker ethic isn’t a failsafe solution, but it can certainly help fix problems further down the line.
After years of dismissing hackers as criminals, growing numbers of large corporations are finally beginning to see them as allies that can help improve their products. It is not just a terminology problem. The simple truth is that complex systems can only be developed along inclusive lines that allow people inside and outside the company to propose changes, improvements, or solutions to problems.
What’s more, bringing in hackers to put a product through its paces isn’t just about security. Call it a bug bounty program, ethical hacking, or simply a hackathon, the truth is that more and more companies are seeing the benefits of bringing in external talent to supplement the abilities of in-house staff. Companies that are able to use these kinds of approaches, that reward external talent rather than seeing it as a source of cheap ideas, and that are able to create a community that is interested in improving its products, all stand to benefit. The success of these communities will depend on the reputation of the company and its ability to inspire people who don’t work directly for it. What’s more, hackers don’t work for just anybody.
For tech companies particularly, being able bring the hacking community on board can give a key competitive edge. Does your company have what it takes, and is it able to offer the right incentives to create this kind of community? At the end of the day, the simple truth is that open is always better than closed, and this applies to everything, including the design of products.
Enrique Dans. Professor. IE Business School,