Like many technology trends, the term crowdsourcing is a bit misunderstood, in part because of overexposure in the media. For most people, because of the way the term has been tossed around, online crowdsourcing is synonymous with Wikipedia or Yelp. While these are examples of crowdsourcing, neither truly portrays the full potential of the concept.
At the RSA Conference two weeks ago, I heard about a fascinating company called Bugcrowd. Bugcrowd’s model interests me in part because of its potential applications to others interested in maximizing the opportunities crowdsourcing offers. I recently had the chance to speak with Bugcrowd’s Founder and CEO, Casey Ellis, and our conversation provided several lessons for understanding how to harness the power of crowdsourcing to the fullest.
Lesson #1: Skilled people want to do good
Mention hackers, and you generally think of Mr. Robot, Anonymous, or Russian politicos — hoodie-clad people crouched over laptops while they pursue their nefarious desires to take down the world economic and political structure. But that’s a stereotype far from reality. In fact, according to Ellis, a main reason Bugcrowd works, and came into existence, is that so many hackers want to do good.
Bugcrowd operates by incentivizing security researchers to compete to identify major and minor vulnerabilities found in clients’ applications and hardware, as well as to perform penetration testing. Anyone with the skills can compete. Those who solve the problems the quickest receive a reward.
Prior to starting the company, Ellis was leading a penetration testing company that did vulnerability and discovery. But its model was somewhat conventional, paying people by the hour. “I had a fantastic team and there was plenty of demand, but people were compensated on an effort basis,” Ellis said. “What I realized is that we could get even more out of people if we appealed to different motivations.”
Ellis also recognized that in a certain sense, he was fighting a losing battle. He needed far more hackers on the protection side to make a difference; otherwise it was basically like playing 1 on 5 in basketball – even LeBron James can’t carry a team by himself to a championship. “The only way to beat a crowd of bad guys is with a crowd of good guys,” Ellis said.
Source: SANS ISC SecNewsFeed @ February 27, 2017 at 05:42AM