Nordic Semiconductor today announces that it is partnering with HackerOne, the industry-standard for hacker-powered security, and sponsoring a bug-bounty program whereby ethical hackers are encouraged to stress test Nordic’s hardware and software products to find any potential or latent security vulnerabilities so they can be fixed before a cybercriminal finds them.
In operation a bounty is placed on a potential security flaw or bug and ethical hackers are invited to track it down for a financial reward. Should a security vulnerability be identified, Nordic Semiconductor then has an opportunity to disclose to customers, along with a fix, before a cybercriminal is able to exploit it. The program will cover all of Nordic’s latest silicon product series, engineering samples, dev kits, software, reference designs, and cloud services.
“As a wireless IoT company, all aspects of product security are of paramount importance to Nordic Semiconductor,” says Frank Aune, Product Security Officer at Nordic. “We continuously improve based on internal investigations, but engaging with the HackerOne community on a bug-bounty program broadens and further optimizes our ongoing security efforts.”
“The way to minimize security vulnerabilities is to tackle them early,” adds Kjetil Holstad, Director of Product Management. “This means striving to pro-actively find, address, and disclose potential vulnerabilities that can make all the difference for our customers with IoT products in the field. By working with HackerOne we can offer full transparency to our customers in conjunction with the ethical hacker community to further secure our entire product portfolio.”
“Nordic Semiconductor plays an impressive and increasingly influential role in the evolution IoT and we are looking forward to supporting them on our platform alongside existing semiconductor customers,” comments Mårten Mickos, CEO at HackerOne. “Due to the interconnectedness of modern IoT sensors, products and applications, helping Nordic find and fix critical security vulnerabilities as early as possible will benefit the whole IoT industry and we welcome them as our newest member.”
For now, the Nordic Semiconductor HackerOne bug-bounty program will be run privately (invitation only) as Nordic wants to focus on building up a relationship with the community, while prioritizing report quality and report response times. Any interested hacker is invited to contact Nordic directly via the HackerOne platform support team.
HackerOne says it empowers the world to build a safer Internet and claims to be the world’s most trusted hacker-powered security platform. HackerOne says it gives organizations access to the largest community of hackers on the planet and that armed with the most robust database of vulnerability trends and industry benchmarks, its hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces.
HackerOne adds that its customer list includes The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne states that it was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.