“White hat” hackers who spot security vulnerabilities may be one of the most sought-after professions today as Japan’s tech firms struggle to cope with the rising threat of cyberattacks.
White hats are tasked with guarding computer networks against “black hats,” the malicious hackers who infiltrate computer systems to steal or destroy data.
To strengthen education on cybersecurity and train ethical hackers, state-run Chiba University has launched a bug-hunting contest among its students.
“It is the first such attempt by a Japanese national university,” said an official at the university, based in the city of Chiba.
An orientation session held in mid-December for the contest attracted a surprising 50 students.
The contest is part of the university’s curriculum for improving computer security awareness. But instead of cash, competent students are eligible to receive nonmonetary gifts.
“We expect those who perform excellently in the contest to play a leading role in the security industry in the future,” said Tetsuya Ishii, vice president of Chiba University.
Among businesses interested in the contest, Cybozu Inc. introduced a “bug bounty” program in 2014, allowing white-hat hackers to test its system and paying them cash rewards for finding vulnerabilities.
Akitsugu Ito, an official of the Tokyo-based software company, said it pays up to ¥500,000 for each problem detected. About 370 vulnerabilities had been recognized by the end of last year under the bug bounty program, he said, adding that the total payout has amounted to around ¥15.6 million.
“Outside security experts have special expertise in discovering security problems,” Ito said. “They can identify bugs that cannot be spotted in our tests.”
Line Corp., which runs the popular free messaging app Line in Japan, followed suit in 2016.
Sprout Inc., a cybersecurity venture in Tokyo, launched a business in 2016 aimed at connecting security-conscious companies with white-hat hackers around the world. It takes security vulnerability reports from bug hunters and pays rewards to them on behalf of the member companies.
The number of participating companies now totals 10 including Pixiv Inc., an online community site for artists who want to show their works, and major entertainment company Avex Group Holdings Inc. More than 430 hunters have been awarded ¥3.9 million under new the program launched by Sprout.
Bug bounty programs are common in the United States and are often organized by multinational technology companies like Google Inc. and Microsoft Corp. The U.S. Department of Defense introduced a “Hack the Pentagon” bug bounty program last year.
Technology companies in Japan find it imperative to train qualified computer security experts as cyberattacks become more sophisticated and complex.
“Many of our clients are finding bug bounty programs effective and we are receiving an increasing number of inquiries,” Sprout President Seigen Takano said.
“Bug bounties could proliferate explosively.”