Collaborative efforts key to uncover vulnerabilities in cybersecurity
Ethical hacking enhances cybersecurity globally.
The practice of ethical hacking is gaining recognition as a crucial component of defensive strategies. Saj Lohani, Global TISO & Sr Director of Cybersecurity at Bugcrowd, emphasised the significant role that ethical hacking plays in enhancing organisational cybersecurity through a collaborative approach.
Ethical hacking, often facilitated by platforms like Bugcrowd, relies heavily on community engagement to identify security vulnerabilities. This method draws on a principle attributed to Linus Torvalds, known as Linus's Law: "Given enough eyes, all bugs are shallow." This concept suggests that a wide-ranging examination by various experts can effectively uncover vulnerabilities that might otherwise go unnoticed.
"What we like to say in Bugcrowd is the concept of 'it takes a crowd.' We're trying to grab all of those bits of talent from all over the community, various parts of the world, and then bring everyone into one place," Lohani explained.
Despite its growing importance, ethical hacking faces several challenges. One of the primary concerns is keeping up with rapidly advancing technologies, such as artificial intelligence, and ensuring that the contributions of ethical hackers are recognised and utilised by organisations. Moreover, ethical hackers often grapple with potential legal repercussions, which can deter them from reporting vulnerabilities.
"The biggest challenges arise when there are no clear paths for communication between ethical hackers and the organisations," Lohani said. He advocates for proactive measures, such as vulnerability disclosure programs, which provide a straightforward way for hackers to report issues without fear of legal consequences.
"It’s basically just a webpage saying, 'Hey, this is where you come in, contact us if you have found an issue.' It makes it accessible, allowing the community to come and talk to you," he noted.
Lohani highlighted an example involving a prominent hacker within the Adobe Experience Manager (AEM) community, who developed a tool that significantly aids in the discovery of vulnerabilities. "If he didn't publish that tool, the issues around that entire type of technology would not have been found as easily," he remarked.
This collaborative approach not only enhances the effectiveness of cybersecurity measures but also keeps costs manageable and the process engaging for participants. It allows ethical hackers to explore specific issues in depth, at their own pace, and in their areas of interest.