Paying Hackers For Bugs Found
Nowadays, it’s not uncommon to hear or read about websites of big companies and organizations around the world getting hacked. Hacking government websites is getting prevalent in the Philippines causing the administration to reiterate its support for the passage of the cybercrime and data privacy bills. In a news release about the issue of hacking government websites, the newly formed Information and Communications Technology Office (ICTO) under the Department of Science and Technology (DOST) said the passage of the two bills will help government agencies in combating cybercrimes in the country.
While no sensitive data were stolen or leaked by the hackers, the ICTO said it is noting these incidents with concern. The agency said it will be advocating for increased awareness of cyber attacks, the capacity building of website administrators to ward off such attacks and the knowledge sharing between the government and private sector in terms of cyber security. It added that the bills, when enacted, would solidify government policy as regards these threats and deter crimes committed using cyberspace.
The question is, will the government be able to catch and penalize the suspected hackers once the cybercrime bills become laws? Is running after the hackers the best solution to the problem? Will hacking websites cease when the guilty parties are caught and put in jail? Can the Philippine government succeed in catching the criminals when the more powerful countries in the world are failing in their efforts?
The current spate of hacking brings to my mind what the Internet giants like Google, Mozilla and Facebook are doing to make sure that they get all the security bugs in their websites fixed so that their sites are secured from hacking . . . they challenge hackers to find problems with their sites, and report these to its security team. And yes, Facebook pays the hackers for the bugs they find by a base rate of US$500 each (around PhP21,000 at current exchange rate). Google was reported to have started paying for Chrome browser bugs in 2010 and it paid between US$500 and US$3,133.70 (PhP131,615) depending on the severity of the flaw.
I am not saying that the Philippine government must pay the same amounts to hackers if they decide to adopt what the Internet giants are doing. What i would like to propose is for the well-intentioned hackers to be invited to join in the efforts to better secure Philippine websites and pay them the amount they deserve. It may turn out to be cheaper this way than hiring experts to put up hacked sites again and again. What do you say?