Bug bounty programmes give ethical hackers the opportunity to detect vulnerabilities; and in the event of a successful detection, they will then be reimbursed. The model has become increasingly established in recent years. “When we started our company about eight years ago, we always had to explain and defend the model. It was difficult to convince people to pay hackers. Today, even the average person knows the principle,” says CEO Stijn Jans of Intigriti, a Belgian company that has become a European leader in the field of ethical hacking.
The increasing success is mainly linked to the changes that the business world and society have undergone in recent years. Since the global COVID pandemic, for example, more and more companies and sectors have become highly dependent on online applications, and are therefore potential victims of cyberattacks. “Just think of sectors such as fintech and e-commerce, which are increasingly prominent in our world,” Jans states.
Social impact
“Our growth path is of course great for us as a company, but is especially valuable for the community connected to it,” Jans continues. “Intigriti is crowdsourced. We work with an international community of hackers, spread across more than 150 countries. So we can avoid situations where certain systems are always tested by the same people; this approach prevents tunnel vision from developing. In addition, it ensures our hackers' creative ideas are optimally utilised. So it is an opportunistic model.”
Intigriti prides itself on its social impact. “We also work with hackers from countries where economic conditions are more difficult. The compensation they receive can significantly impact their quality of life. The social added value is therefore not only limited to the security aspect. That is precisely why we strongly believe in the added value of our project,” Jans continues.
Whistleblower Act
The Cyber Security Coalition strongly believes in the project and uses the community to better secure their business. In addition, bug bounties also received a big push from the Belgian legislature this year. Since the Belgian Whistleblower Act came into force in February 2023, everyone in our country can legally test companies' security. If a vulnerability is detected, it is then up to the company itself to deal with it and provide an appropriate response. In this way, the government wants to encourage the business community to work on sound security architecture and clear recovery plans in the event of a cyberattack.
“It comes down to the legal anchoring of our model,” says Stijn Jans. “The groundbreaking initiative is primarily the work of the Centre for Cybersecurity Belgium (CBB), which deserves a lot of credit. Belgium is putting itself in the spotlight as a pioneer and can now also pull this bandwagon at European level. Throughout the EU, more and more people are interested in this way of working.”
Supported by the change in law, Intigriti is looking to the future with enthusiasm. “Our model should become even more mainstream, while the quality of our community will continue to increase. Not only through numerical growth, but also the steadily improving technological tools we have available. The ethical hacker community will certainly continue to embrace AI. However, because our model is clearly focused on the creative inspiration and out-of-the-box thinking of our hackers, we do not believe that AI will replace our activities.”