Coles makes a special offer to hackers: help to take us down
Organised bug hunts improve security, writes Brad Howarth.
Please check the following:
- {{x.value}}
FREE membership
FREE membership
Join InvestSMART today
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
Please enter the 5 digit verification code sent to "{{user.DayPhone}}" Change number
We cannot send you a verification code via SMS to "{{user.DayPhone}}" Change number
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
Please enter your mobile number and press send to receive a text message with a verification code.
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
Thank you
We have sent you an email with the details of your registration.
Purchase order
Sign up
Log in
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Log in
Upgrade Today
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
{{eventFunction.Name}}
{{eventFunction.EventTypeName}}
{{eventFunction.StartDate}}
{{eventFunction.EventTimings}}
{{eventFunction.VenueName}}
{{ t.Cost === 0 ? "FREE" : "$" + t.Cost.toFixed(2) }}
Quantity *
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
Check your inbox
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
Organised bug hunts improve security, writes Brad Howarth.
Ever wanted to hack the Coles website or other software applications? The giant Australian retailer is not only inviting would-be hackers to find breaches in a number of its online assets, it will also pay them if they are successful.
Coles is one of a growing list of companies that are utilising bug bounty programs to augment their regular software security testing. Bug bounties are a form of penetration testing that call upon the skills of freelance computer security professionals to join organised bug hunts designed to uncover weaknesses in websites and online applications. Anyone who discovers a weakness is encouraged to discreetly inform the target organisation and is given a financial reward.
In the case of Coles, it is managing its bug bounty program through the Australian start-up Bugcrowd. According to CINToles' group general manager for IT, Conrad Harvey, Bugcrowd caught his attention during an investor session organised by the Startmate incubator program. Within 48 hours Coles had signed up, and its first bug bounty was launched the following Saturday.
Harvey said Bugcrowd gave Coles access to security testing skills that it could otherwise not reach, particularly in newer fields such as Android applications. Harvey said the service would also be used to help secure other customer-facing applications, and would act as an additional layer of security alongside Coles' existing protocols and procedures.
Bugcrowd's growing list of customers includes Rabobank, Bigcommerce and Google. It recruits security testers and manages the bug bounty program, ensuring that all parties are treated fairly.
Company co-founder Casey Ellis is currently in the US raising Bugcrowd's first round of capital. He said the company had taken off much faster than anticipated after he and business partner Serg Belokamen launched it late last year. He described Bugcrowd as bringing balance to the economic advantage possessed by "the bad guys".
"For companies like Coles or Google or Rabobank, every time they have to get their stuff tested they have to pay someone for their time, regardless of whether they find something or not," Ellis said. "When you look at the bad guys, there is a lot more of them, there is a lot more diversity in the skill set, but the economics are that they don't get paid until they find something and exploit it."
Numerous companies are now competing in the bug bounty market, including Melbourne-based Bugwolf. Founder Ash Conway said he also expected to announce several large client wins imminently.
Business security specialist Nick Ellsmore, who has worked as an advisor to Bugcrowd, estimated that the Australian market for penetration testing was worth about $300 million a year, and sees strong opportunities for new services.
"If you look at the size of the market and how it's being serviced, there is currently no company in that would have more than 10 per cent market share," Ellsmore said. "A lot of the work is being done by people who aren't specialists, and it's really an industry that calls out for a better solution."
Ever wanted to hack the Coles website or other software applications? The giant Australian retailer is not only inviting would-be hackers to find breaches in a number of its online assets, it will also pay them if they are successful.
Coles is one of a growing list of companies that are utilising bug bounty programs to augment their regular software security testing. Bug bounties are a form of penetration testing that call upon the skills of freelance computer security professionals to join organised bug hunts designed to uncover weaknesses in websites and online applications. Anyone who discovers a weakness is encouraged to discreetly inform the target organisation and is given a financial reward.
In the case of Coles, it is managing its bug bounty program through the Australian start-up Bugcrowd. According to CINToles' group general manager for IT, Conrad Harvey, Bugcrowd caught his attention during an investor session organised by the Startmate incubator program. Within 48 hours Coles had signed up, and its first bug bounty was launched the following Saturday.
Harvey said Bugcrowd gave Coles access to security testing skills that it could otherwise not reach, particularly in newer fields such as Android applications. Harvey said the service would also be used to help secure other customer-facing applications, and would act as an additional layer of security alongside Coles' existing protocols and procedures.
Bugcrowd's growing list of customers includes Rabobank, Bigcommerce and Google. It recruits security testers and manages the bug bounty program, ensuring that all parties are treated fairly.
Company co-founder Casey Ellis is currently in the US raising Bugcrowd's first round of capital. He said the company had taken off much faster than anticipated after he and business partner Serg Belokamen launched it late last year. He described Bugcrowd as bringing balance to the economic advantage possessed by "the bad guys".
"For companies like Coles or Google or Rabobank, every time they have to get their stuff tested they have to pay someone for their time, regardless of whether they find something or not," Ellis said. "When you look at the bad guys, there is a lot more of them, there is a lot more diversity in the skill set, but the economics are that they don't get paid until they find something and exploit it."
Numerous companies are now competing in the bug bounty market, including Melbourne-based Bugwolf. Founder Ash Conway said he also expected to announce several large client wins imminently.
Business security specialist Nick Ellsmore, who has worked as an advisor to Bugcrowd, estimated that the Australian market for penetration testing was worth about $300 million a year, and sees strong opportunities for new services.
"If you look at the size of the market and how it's being serviced, there is currently no company in that would have more than 10 per cent market share," Ellsmore said. "A lot of the work is being done by people who aren't specialists, and it's really an industry that calls out for a better solution."
Share this article and show your support
Call 1300 880 160
Start a chat
Schedule a call
