11:44 21 February 2017
FEATURE Japan seeks "white-hat" hackers to defend against cyberattacks
TOKYO, Feb. 21, Kyodo
"White-hat" hackers who spot a security vulnerability in a computer system or network may be one of the most sought-after professions in Japan today with technology firms struggling with increasing threats of cyberattacks.
In an effort to strengthen education on system security and train ethical hackers, a state-run Japanese college has launched a bug-hunting contest among its students.
White-hat hackers are those who detect security weakness to prevent "black-hat" malicious hackers from infiltrating computer systems, and stealing and destroying data.
In 2014, Cybozu Inc. introduced a "bug bounty" program, allowing white-hat hackers to test its system and paying them cash rewards for finding any vulnerability.
Akitsugu Ito, an official of the Tokyo-based software company, said that it pays up to 500,000 yen for each problem detected. About 370 vulnerabilities had been recognized by the end of last year under the bug bounty program, he said, adding the total payout has amounted to around 15.6 million yen.
"Outside security experts have special expertise in discovering security problems," Ito said. "They can identify bugs that cannot be spotted in our tests."
Line Corp., the operator of the popular free messaging application in Japan, followed suit in 2016.
Meanwhile, Sprout Inc., a cyber security venture in Tokyo, launched a business in 2016 aimed at connecting security-conscious companies with white hackers around the world. The company takes security vulnerability reports from bug hunters and pay rewards to them on behalf of the member companies.
The number of contract companies now totals 10 including Pixiv Inc., an online community site for artists who want to exhibit their work, and Avex Group Holdings Inc., a major entertainment business company. More than 430 hunters have been awarded a total of 3.9 million yen under the program.
On the educational front, Chiba University has organized a bug-hunting contest for its students. "It is the first such attempt by a Japanese national university," said an official of the university based in Chiba, east of Tokyo.
An orientation session held in mid-January for the contest attracted a greater-than-expected 50 students.
No cash is paid to those taking part in the contest, which is held as part of the university's curriculum to enhance people's awareness of computer security. Instead, students recognized competent in detecting security vulnerabilities are eligible for nonmonetary gifts.
"We expect those who perform excellently in the contest to play a leading role in the security industry in the future," said Tetsuya Ishii, vice president of Chiba University.
Bug bounty programs are very common in the United States, often organized by multinational technology companies such as Google Inc. and Microsoft Corp. The U.S. Department of Defense introduced the "Hack the Pentagon" pilot bug bounty program last year.
Technology companies in Japan find it imperative to train qualified computer security experts in response to cyberattacks that have become very sophisticated and complex.
Sprout President Seigen Takano said, "Many of our clients are finding bug bounty programs effective and we are receiving an increasing number of inquiries."
"Bug bounties could proliferate explosively," he said.