
Comment Re:Snake oil salesman (Score 1) 49

Ha ha. That's a common joke about the security industry. There is some truth to it.

What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.

That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.

Comment Re:70,000 white hat hackers? (Score 1) 49

Yep, 70,000 is a lot! The number keeps growing, and we hope to get to a million. To serve all companies and government organizations worldwide who will be needing bug bounty programs, we need a lot of excellent hackers.

It should also be noted that it takes a lot of hacking to find even a simple vulnerability. Of the 70,000 hacker accounts we have, about 1 in 6 have filed an actual vulnerability report. To help them get going, we have an ebook on hacking that we give to new hackers. Once new hackers get the hang of bug hunting they can advance fast, earning more and more reputation points. When you sign up at HackerOne, you start at 100 points. Our most prolific hackers have reached 10,000 points. You can do it, too!

Comment Re:Second coming of teams of ethical hackers (Score 1) 49

Yep, this is true. It is also a common situation that humanity has dealt with successfully many times. To keep a ship afloat, you must find and fix every hole. Even one hole might sink it. To keep an aircraft safely flying, similarly every safety aspect must be in shape. Shipping and airlines have a great safety track record these days.

To keep software secure, you must attempt to fix all serious vulnerabilities. You may never get to 100% vuln-free software, but the closer you get and the faster you can asymptotically move towards that goal, the more you reduce your cybersecurity risk.

Comment Re:Second coming of teams of ethical hackers (Score 2) 49

It has taken decades for the industry to get used to bug bounties. The first one was in 1981. Now it is starting to be very real. HackerOne has already paid out over $10,000 to hackers and researchers around the world. One hacker has made over half a million dollars. Another recently bought an apartment for his mother with the bounty money he had made. Still lots of work and education to do, but it is very much moving in the right direction. An example: the US DoD now committing $7m to vulnerability disclosure programs.

- Marten (HackerOne CEO)

Comment Re: Curly braces = good. Indents = bad. (Score 2) 173

Two major issues. One: indent-only code is nearly impossible to find bugs in. I've seen teams of programmers look for weeks for the source of an issue; it ended up being 1 line that used a tab instead of spaces. Indentation fails because of such issues.

Secondly, you can't copy paste cleanly from the web with an indentation based language.

Either of those is a disqualifier by itself. Both together make it such a brain-dead choice nobody should even look at a language that uses it.

Comment Re:like what? (Score 1) 537

Also add in people who choose to switch from public transport to cars. I know many people who take public transit because they don't want to drive in traffic. If a car was self-driving, they'd choose it over a crowded, smelly, loud bus in a second.

Oh, and elderly who can no longer safely drive.

Self driving cars won't reduce traffic or the need for parking. It will be somewhere in the no change to 20 percent worse.

Comment Re:like what? (Score 1) 537

No they wouldn't. You're assuming that with autonomous vehicles we wouldn't still all own our own autonomous cars. I see no reason to believe that would be the case. I'm not going to sit around waiting for 10 minutes for a car to be available and drive to my house every time I want to drive- I'm just going to own my own car. If anything it will increase the need for parking space, as minors not capable of driving may be given cars to drive them.

Comment Re:Google is still #1 (Score 4, Insightful) 118

No, it isn't. Believe it or not, people shared code before GitHub. They generally hosted it themselves, or used other popular sites like SourceForge. Claiming that one company has more due merely due to GitHub contributors is ridiculously incomplete to the point of uselessness.

GitHub is popular, but there's dozens of other places to host your code. Most developers don't use it.

Comment Re: AI's a Lie (Score 1) 218

Congratulations, you just described what AI is. It's a bunch of algorithms strung together with heuristics to implement someone's best idea of how to do something. Believing it to be anything else means you spend too much time reading sci-fi books and not enough time actually studying AI. All anything based on processors and software can ever be is just that. The question is how well can that drive a car? The answer is it isn't quite there but we're getting a lot closer. I don't really expect it in the next 10 years, but we will get there.

Comment Re:AI's a Lie (Score 1) 218

We don't need to, because the program doesn't need to make the decision in the same way, it just needs to come to a correct outcome. Basically it needs to be able to process the images/radar info/other input and come to a decision as to whether it's about to hit anything and if so what to do about it. That is something that we're becoming capable of doing (and improved image recognition will push this along). But the path taken to get there can be completely divergent from how humans think.
