OPEN HACKING VALIDATION
With the bugs and flaws creating vulnerabilities making possible hacks and breaches and thus a insecure cyber world, open hacking validation of software, gadgets, tools should have become the order of the day by now. In its place opaque system of validation is still in place, penetration testing, integration testing et al, with costing being the only consideration and that it has gone through the required mechanical rigmarole. The compliance issue is sorted out. The understanding of integrated of important systems in another challenge. The vulnerability can emerge and will end up somewhere else or the whole system.
It is beyond a team of software developers or manufacturers of whatever gadget, software or otherwise to validate the cyber security worthiness of the gadget. Open Hacking Validation means that the product is put through a hacking event which is organised by the enterprise which has created, developed or manufactured it. The bug bounty program of Tesla started in the 2104 is among the pioneers in the world. The intention of the company is to get into partnerships with security researchers / white hat hackers ”to ensure that all Tesla owners constantly benefit from the brightest minds of the community.”
Amat Cama and Richard Zhu of team Fluoroacetate “exposed a vulnerability in the vehicle system” during the Pwn2Own 2019 hacking competition, organised by Trend Micro’s “Zero Day Initiative (ZDI)”, held this week. The hackers being talked about were able to target the infotainment system on the Tesla Model 3. They used a ”JIT bug in the renderer’ to take control of the system. Electric Vehicle maker Tesla, as promised, gave away one of their Model 3 cars and $35,000 prize money.
Pwn2Own is a great initiative which will not only improve Tesla products and also the ”approach to designing inherently secure systems,” if replicated at a large scale has the potential the cyber security landscape, through Open Hacking Validation of all products across board. Open Threat Modelling Validation can also be added to detect flaws in the software. Security researchers and white hat hackers have lots to contribute to make cyber world safe.
TRANSPARENT STRINGENT OPEN SECURITY VALIDATION OF SOFTWARES / GADGETS AND PRODUCTS HAS BECOME A MUST TODAY.