There is something about spring that seems to impact our co-hosts getting together. Between the demands of work schedules, conferences, and holidays with friends and family I would like to apologize for the infrequency of our podcast. At one point in time we had planned on having a bunch of reserve episodes in backup that we could post, but that is not really fair to you, the listeners. So for this week, I am going to write a quick post about some interesting things I’ve seen lately.
My schedule has been impacted by a bunch of customer visits and conferences lately, one of those conferences was RSA in San Fransisco. RSA is one of the largest security conferences each year, and it was completely overwhelming. You can go to my other blog for my daily quick reports on the conference over at Triangle App Show. There were two items at that conference that I think would have made great discussion topics on this podcast, however, I will blog about them instead.
Bugcrowd and Cyber Patriot:
Bugcrowd – is a crowd sourcing platform which specializes in security testing of public applications. It uses many of the traditional gamificafion techniques of leaderboards, non-traditional currencies (Kudos), and adds in real bug bounties for cash. Companies will hire bugcrowd to get a group of testers who are unleashed on a site or app, and have to report bugs that they find. While talking to the team at bugcrowd one of the original founders at topcoder came up and asked how they vet their participants. This was a big issue for TopCoder when they looked at offering a similar service, and due to liability they decided not to offer it. How do you stop a would be black hat from using the service to uncover bugs and not report them, only to then sell them on the gray market. To me this was the part where bugcrowd didn’t understand the dynamics of the game. Their basic premise is they only open up the call for participants on public sites or apps, so a real black hat wouldn’t join the game and just do their hacking independently. I am not sure that this is true, since the black hat can see what exploits others are finding and sell them as short lived zero days. I have been reading the book Future Crimes by Marc Goodman, and the value of zero days on social sites, even short lived, could easily be worth more on the gray market than the entire bounty of the bugcrowd game. Setting up the right game mechanics could solve this, but could reduce the incentive for participants to build on the work of others.
Cyber Patriot –
The Cyber Patriot program is a aimed at grade school kids to teach them about ethical hacking, security and privacy on the internet. At the RSA conference there was an area with an entire focus on cyber safety for kids. This area included many interesting companies (more on them over at my other blog – Triangle App Show. At the time of the show, the Cyber Patriot program had two competitions, one for Middle-school kids and one for High School kids. The structure of the contest allowed for state and regional competitions all leading to a national competition where the best of the best got a free trip for the team and their instructor. The national competition allows for students to compete head to head on identifying and solving a cyber security challenge. What I found interesting talking to the individual at the booth, was that they Cyber Patriot program recognized that waiting for Middle School was too late. As such they were about to launch in a few weeks (and they have by now) a program for younger kids – all the way down to Kindergarten. The younger children will get a much more “mario type” gaming mechanic as a way to help them learn and understand cyber safety and cyber security. I find this a great way of teaching kids the implications of our online lives.
A quick parallel to the last thought, as we’ve had more and more breaches of customer information in the news, healthcare systems, store credit cards, social networks, etc. the issue of identity theft is becoming more critical. Not just the identity of an adult, but that of our children. If a cyber criminal can get an identity tied to a young child, they can leverage that for 10+ years of fraud, ultimately ruining the future reputation of your children. Think about how you are protecting your children from this identity theft.
As we move forward with the podcast, I am sure we will be opening the aperture and extending our topics beyond just the gamification discussion. Having said that, please drop us a note if you have any ideas of what you’d like to hear more of. Thanks for all your support – and keep Playing Games!! AT WORK!