The Australian government is set to release a new portfolio of rules that order companies to pay hackers for launching cyber-attacks. There is a twist, however: only ethical hackers will be rewarded under the ‘bug bounty’ program, and they will receive a reward for letting companies know about vulnerabilities in their cyber defenses.
The program will be launched in January next year and was drafted to block state-sponsored cyber attacks on Australian IT infrastructure.
In the past few months, many companies witnessed foreign infiltration of their networks; the most noted among them were the Optus cyber attack and the data breach at insurance company Medibank.
To put a stop to such threats, the Australian Cyber Security Centre (ACSC), which works in coordination with Britain’s NCSC, issued some guidelines to curb foreign cyber threats. The Australian Signals Directorate (ASD) set up a Vulnerability Disclosure Program (VDP) and has announced bug bounties.
The ASD will issue rewards and will have sole authority to make these revelations public.
Many companies in the United States, such as Microsoft, Google, Amazon, Facebook and Twitter, have such bug bounty programs in place, with rewards ranging between $5000 and $200,000.
It all depends on the severity of the vulnerability that has been discovered and on whether the hackers accessed any sensitive data.
The Pentagon started this practice of rewarding white-hat hackers in 2011 and then recommended that the then Barack Obama government continue encouraging hackers by announcing financial rewards.