Evidence of meeting #147 for Public Safety and National Security in the 42nd Parliament, 1st Session.

Also speaking

Deborah Chang  Vice-President, Policy, HackerOne
Steve Waterhouse  Former Information Systems Security Officer, Department of National Defence, As an Individual
Jobert Abma  Founder, HackerOne
Ruby Sahota  Brampton North, Lib.

5 p.m.

Liberal

Michel Picard Liberal Montarville, QC

Let's stay corporate.

5 p.m.

Founder, HackerOne

Jobert Abma

One of the things we've been very proud of is the improvement people have seen by leveraging the hacker community to create a mature security organization, up to the point where we've seen that, even with our expertise in security, there are always problems being uncovered by other people who are much smarter or more creative than us.

The model works. Because of our relationship with the hacker community, we are able to build products that help organizations establish a relationship with the hacker community, and we essentially mediate between the two if necessary. Our success is solely through the success of the hacker community and the kinds of security vulnerabilities they have found for our customers.

5 p.m.

Liberal

Michel Picard Liberal Montarville, QC

My concern is the following. From a practical standpoint, it's great. From a legal standpoint, as a state with the rule of law, we have to make sure that we don't engage or contract “delinquents”, by definition, therefore legitimizing illegal activity for our own purpose and good. That doesn't work. We have to work with something legal in order to justify our actions. Did you have to go through some sort of recognition, or erasing a past file or whatever?

5 p.m.

Vice-President, Policy, HackerOne

Deborah Chang

With the DOD we had to pass additional requirements. The hackers had to pass additional vetting requirements from the Department of Defense. The Canadian government can do what the U.S. government did, which is making the Hack the Pentagon series of programs very, very public. It opened up the doors for a lot of the hackers and invited them to hack on the platform. That set in motion the acceptance of inviting the talent out there that you might not know about.

There are some programs where hackers sign additional NDAs directly with the customer or client, or customers can ask only citizens of certain countries, like the U.S., in some cases. Some customers only want U.S. citizens on the platform. We work with the customer to see what makes them comfortable and then select which hackers would be best for their program.

5 p.m.

Liberal

The Chair Liberal John McKay

We'll let Mr. Waterhouse finish this.

5 p.m.

Former Information Systems Security Officer, Department of National Defence, As an Individual

Steve Waterhouse

Mr. Picard, we already have companies throughout the country that are engaged in white hat hacking activities. These are legitimate companies. There are no criminals involved. People are coming out from the university circuit and getting hands-on experience just as I have done throughout my life. They can provide a solid solution also, just like HackerOne.

You have GoSecure in Montreal, which is well-renowned. They are fed by people coming out of university. They are very professional, just like this lady and gentleman with HackerOne.

5:05 p.m.

Liberal

The Chair Liberal John McKay

I want to thank each of you on behalf of the committee, but also personally, for a fascinating hour and a half. This window into cybersecurity is getting more and more complicated the further we study it.

I'm sure that our friends in California have a much better weather window than we do.

The meeting is adjourned.