行業(yè)英語(yǔ) 學(xué)英語(yǔ),練聽力,上聽力課堂! 注冊(cè) 登錄
> 行業(yè)英語(yǔ) > 金融英語(yǔ) > 金融時(shí)報(bào)原文閱讀 >  第157篇

怎樣讓黑客為你服務(wù)?

所屬教程:金融時(shí)報(bào)原文閱讀

瀏覽:

2020年03月21日

手機(jī)版
掃描二維碼方便學(xué)習(xí)和分享

怎樣讓黑客為你服務(wù)?

黑客在人們的印象中往往是一個(gè)貶義詞,可是最近幾年黑客們也開始“做好事”了:谷歌、微軟等一系列科技公司正利用獎(jiǎng)金讓黑客幫他們找出軟件的漏洞。

測(cè)試中可能遇到的詞匯和知識(shí):

upshot結(jié)果;要點(diǎn)['?p??t]

breach違背;缺口;違反[bri?t?]

vulnerability易損性;弱點(diǎn) [,v?ln?r?'b?l?t?]

trailblazing開拓性的['tre?l,ble?z??]

gig economy零工經(jīng)濟(jì)

empirical經(jīng)驗(yàn)主義的[em'p?r?k(?)l]

immune system免疫系統(tǒng)

How hackers can be a force for corporate good(609 words)

By Keren Elazari

The upshot of the information age is that “software is eating the world”. In a rush to create digital code and services, companies competing to be the first to market do not prioritise cyber security — even though security problems and software bugs are a known certainty. When even secure organisations experience data breaches and security incidents, it is clear they need all the help they can get.

Surprisingly, software giants now encourage hackers to hack them. Companies such as Google, Microsoft and Facebook have been doing this since 2010, in what are called “vulnerability reward programmes”, or more commonly “bug bounty programmes”. In an echo of the American wild west, companies offer independent security researchers the chance to win rewards and recognition for identifying critical security problems — software vulnerabilities that could put us all at risk.

While 2016 may have been “the year of the hack”, including the huge denial-of-service internet outage in the US in October, 2017 could be “the year of the friendly hack”. There are more bug bounty programmes in traditional industries, outside Silicon Valley. MasterCard, Johnson & Johnson and even the Pentagon are inviting hackers to work with them and test their systems for vulnerabilities. By rewarding hackers for their discoveries, these organisations can learn from their findings, prevent security breaches, and even recruit top cyber security talent.

This explains why leading companies are willing to pay out millions of dollars in rewards. According to Bugcrowd, which manages many programmes for other companies, in the past few years Google, Facebook, Yahoo, Microsoft and Mozilla paid friendly hackers a total of more than $13m in bounties.

The idea of a bug bounty is not new: in 1995 Netscape offered rewards to users who found bugs in the trailblazing Navigator 2.0 web browser. Now, thousands of ethical hackers help hundreds of organisations find software bugs, using the power of many to make us all safer. Rewards range from T-shirts to 1m airline miles or a $200,000 single reward that Apple offers for certain discoveries.

Bug bounties are becoming more widely accepted because the benefits they provide can greatly outweigh the risks: never before has it been so easy for hackers to legitimately report findings to the companies affected by them and get rewarded without breaking the law — a hacker-specific take on the “gig economy”, if you will. It is also a cost-effective way to find security bugs for the companies in question, as empirical economic research has proven.

Some of the best bug hunters end up being offered full-time corporate positions. These are hackers from all over the world, whose location, access to college education or finances may never have afforded them the chance of an interview — with the result that companies would have missed out on their incredible talent.

The latest corporate benefit, one suggested by the Berkeley Technology Law Journal, is that bug bounty programmes can become a corporate governance “best practice” mechanism. Having such programmes in place can help directors exercise their “duty to monitor” digital assets.

Finally, you might ask: won't criminals take advantage of these programmes? The truth is they seldom require an incentive to hack. They are already at it, making millions illegally. These programmes allow individuals who spot a problem to do the right thing and give companies a chance to sort it out, while getting legitimate payment and recognition. The process represents a practical way to harness the impact of thousands of security researchers who are helping to build a much-needed “immune system” for our connected age. That gives me hope.

The writer is a senior researcher at Tel Aviv University Interdisciplinary Cyber Research Centre and a strategic analyst.

1.Who had not taken part in the“vulnerability reward programmes”?

A.Google

B.Microsoft

C.Snapchat

D.Facebook

答案(1)

2.How much did software giants pay hackers according to Bugcrowd?

A.$13m

B.$14m

C.$15m

D.$20m

答案(2)

3.Which company is the first one in the industry to offer bug bounty?

A.Netscape

B.Google

C.Facebook

D.Microsoft

答案(3)

4.Why won't criminals take advantage of these programmes?

A.Government has strict regulations on these programmes.

B.Companies have enough measures to prevent it happen.

C.They all want a job at these large companies.

D.They don't have an incentive to do it.

答案(4)

(1)答案:C.Snapchat

解釋:一些信息網(wǎng)絡(luò)界的巨頭:谷歌、微軟和臉書在2010年開展了被稱為“找漏洞獎(jiǎng)勵(lì)”的懸賞項(xiàng)目。

(2)答案:A.$13m

解釋:根據(jù)Bugcrowd的統(tǒng)計(jì),谷歌等科技公司總計(jì)向黑客們支付了約1300萬(wàn)美元的“獎(jiǎng)金”。

(3)答案:A.Netscape

解釋:早在1995年,美國(guó)網(wǎng)景公司就對(duì)用戶找到其網(wǎng)頁(yè)瀏覽器Navigator 2.0的漏洞實(shí)施獎(jiǎng)勵(lì)。

(4)答案:D.They don't have an incentive to do it.

解釋:對(duì)于黑客們來(lái)說(shuō),這些項(xiàng)目使得他們能夠通過(guò)合法的方式得到報(bào)酬,他們也就不至于鋌而走險(xiǎn)利用他們發(fā)現(xiàn)的這些漏洞。

用戶搜索

瘋狂英語(yǔ) 英語(yǔ)語(yǔ)法 新概念英語(yǔ) 走遍美國(guó) 四級(jí)聽力 英語(yǔ)音標(biāo) 英語(yǔ)入門 發(fā)音 美語(yǔ) 四級(jí) 新東方 七年級(jí) 賴世雄 zero是什么意思寧波市南都花城月季苑英語(yǔ)學(xué)習(xí)交流群

網(wǎng)站推薦

英語(yǔ)翻譯英語(yǔ)應(yīng)急口語(yǔ)8000句聽歌學(xué)英語(yǔ)英語(yǔ)學(xué)習(xí)方法

  • 頻道推薦
  • |
  • 全站推薦
  • 推薦下載
  • 網(wǎng)站推薦