The market is still very small, should cooperate more than competition

Source: Internet
Author: User
Keywords Competition Jiang Jintao very small
Tags .mall clouds company demand different different places internet + it is
Absrtact: Jiang Jintao More familiar name is flame, he is a former Tencent security engineer. Shenzhen, Chengdu, Beijing, Shanghai, and then back to Beijing, and then to Taiwan this is Jiang Jintao told me his recent trip. To different places, see different people, and

Jiang Jintao's more familiar name is flame, a former Tencent security engineer. Shenzhen, Chengdu, Beijing, Shanghai, then back to Beijing, and then to Taiwan-this is Jiang Jintao told me his recent trip. Go to different places, meet different people, and talk to them about the security industry's views and future. He and the security and related industries of the various people have communication, have talked about the topic, he is rich in communication, this with his newly created white hat platform Sobug to peer to open mentality of cooperation is almost the same.

The first thing we think about is the dark clouds. It is no exaggeration to say that in the security market, black clouds are the first domestic to put forward the concept of public testing and to bring it to the community perspective. "They are the first people to put forward the concept of public testing and let the majority and the company understand, the work is not." "But in terms of company and product operations, sobug and dark clouds have the opposite idea.

Flame is very exclusive of the company by the Internet or security-related institutions or companies to invest, he believes that a commitment to do security services, especially involving vulnerability detection and reporting such sensitive behavior of the platform, if the industry's capital control will be difficult to do justice and credibility. "By investing in these companies, it's hard not to send them benefits, which involves trade secrets and unfair competition, and it's hard for the team to have the right to speak after investing." ”

Relative to some of the existing platform from the white hat independent discovery loopholes and decentralized submission of the party in the relatively passive position of the model, Sobug has the opposite idea.

Flame to Sobug Ideal location is this: Let party a take the initiative, by the company initiative in the platform release crowdsourcing test request, and then by white hat to start to provide test results and vulnerability report, and finally by the party to white hat and platform pay.

Several of these platforms are prone to problems to solve:

The first is the potential risk of white hats: Party A is often difficult to put the white hat into the trust and the product to their test, at the same time the platform is difficult to ensure that these white hat test after the leak trend. Trust is the root of all measurement, otherwise this market demand is not tenable. In this respect, Sobug uses the Fortress machine solution. By simulating the product environment of party A in the fortress machine provided by Sobug to white hat, the hacker who participates in the test is limited to the controllable scope, and the remote operation of the fortress machine is recorded to monitor their behavior.

The second is remuneration: compensation is the direct factor that drives the white hat to participate in the test and eventually reports it to the manufacturer. If the pay is unreasonable, the power of the white hat test is not guaranteed and worse conditions may lead to leaks into other channels. Sobug's approach is to have a platform to set up pricing systems and pricing standards, and then to the manufacturers to choose to accept or further discuss with white hat, so as to protect the revenue of white hat at the same time make the vulnerability price more open and transparent.

Then there is the symbiotic relationship with the traditional security vendors: the platform theoretically competes with the traditional security vendors, and lowers the price of the traditional security vendors ' services. Flame decided to turn competition into cooperation. Now the traditional security manufacturers have a large part of the spending on the market and sales, if the peace platform to do credit endorsement, the traditional security vendors in the platforms to receive the high end of the test demand, can greatly reduce the cost of technology.

"The market is still very small, should cooperate more than competition." "Flame has been stressing this. Whether it's a traditional firm like the Green Alliance, or a model company with dark clouds and loophole boxes, flame wants to maintain a cooperative relationship with them.

He hopes that the same model of Sobug manufacturers can set up a survey alliance, the alliance can share customers and white hat resources, forming a mechanism of mutual supervision. Public testing in the domestic market is still very small, he does not want to be in the industry needs to cultivate before the formation of internal friction. By crowdsourcing the general demand to disperse a relatively low price white hat, can attract more small and medium-sized companies to take the initiative to contact the security industry, repair their own product potential safety problems. The cost of party a and traditional safety company is reduced, the exposure rate and income of ordinary white hat are increased, and finally, it is a winning situation.

Flame does not want to confine the survey to the safety market. "The measurement is a really consistent with the Internet thinking mode, we hope to make the public packaging industry Taobao." Not only is safety, but also can have engineering testing, product testing and even interactive design outsourcing. ”

Tencent was born with confidence in his products, with a total of five people in their core team, one of whom is a designer. "We want to make the manufacturer release and the white Hat submission experience to do the best, their own concentration to do the technology and platform," he hoped that the platform's sense of existence and use of the threshold to speak of the lowest, eventually become a user for the only service charge of a trusted publishing platform.




Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.