Paying Hackers to Improve Security?

As silly as it may sound, some technology companies such as Yahoo, Google, Facebook, Dropbox, Microsoft, Yahoo, PayPal pay bounties to hackers for reporting code mistakes that could lead to hacking.

.
In the past, a benevolent hacker reporting a flaw to a big company would have earned little benefit; in fact, he may have ended being ignored or threatened with a criminal prosecution. Hackers would rather kept this information in their so-called zero day bugs list, which are software vulnerabilities not yet discovered or patched that can easily be taken advantage of, or sell it to criminals or governments through a flourishing black market.

.
On July the 15th, 2014, Google has lunched Project Zero, a team of 10 full-time security analysts whose task is finding zero day bugs. When they uncover a flaw, they report it to the manufacturer which whom has 90 days to solve it. They inform the public after 90 days or once a patch has been released. Its goal is to make the zero day bugs lists useless. So far, they have reported more than 400 critical bugs in widely used programs.

.
Zero-day attacks are generally unknown to the public, so it is often difficult to defend ourselves against them. They can target “secure” networks and remain undetected even after they are launched.

The following video is a trailer of the documentary Hackers Are People Too that presents the hacking community.