Tech mahindra

Can Enterprises Crowdsource Security Testing of their Websites?

Posted by: Lucius Lobo On July 26, 2011 04:30 PM

The rate at which external websites are being hacked demonstrates the lack of an effective defensive mechanism in enterprises. Cyber laws were created to deter script kiddies from hacking into websites and defacing them. These laws scared away much of the early warning system that could have been in place. Hacking for fun is vastly different from hacking for profit.

What if enterprises paid individuals who hacked and privately disclosed flaws? Would that be an effective option to find web flaws? Or would it lead to anarchy and mayhem? Such programs have been in use by product vendors, but not by enterprises.

The advantages:
1.  High-quality testing
2.  Frequent testing
3.  Keeps the Security and IT teams on their toes
4.  Reduces the motivation to hack for profit
5.  Value for money, as payment will be outcome-based

The disadvantages:
1.  Affects site performance
2.  Reduces the effectiveness of cyber laws
3.  Encourages script kiddies
4.  May not be practical to implement

On the whole, I believe a crowdsourcing approach will be a net positive. It will motivate the good guys more than the laws deter the bad guys.

I must add a disclaimer to this blog. These are thoughts and not a recommendation. The key lies in the practicality and legality of the method used for implementation.

Tags: Security