Bug Bounties: Hacking for a pay cheque

The relationship between companies, governments and hackers has always been volatile. The word hacker can conjure thoughts of hoodies, financial loss and reputational damage in the minds of CEOs and world leaders. Conversely, hackers may think of large corporations as uncreative, corrupt, bureaucratic nightmares. 

Creating a middle ground is vital, however. Bug bounties create a meaningful bridge.

The concept is simple: a company signs up to bug bounty websites such as HackerOne or BugCrowd and offers money for those who can spot IT problems. Hackers create a profile, find a company’s page and click ‘submit’ to file a bug report. 

How it works

A private dialogue is opened between the hacker and the company (usually their security team) and if the bug is seen as a valid risk, it is patched and a reward is calculated based on its seriousness.

How well does it work? Have a look at HackerOne’s hacktivity page, which shows successfully disclosed bugs. The vendor, the type of bug patched, the username of the hacker (with a link to their profile), the risk the bug posed and the monetary amount awarded are all displayed.

Payment

How much do companies pay, and how many bugs are found? Some fixes are worth several hundred dollars, but others can be as high as $200,000 or even more.

Being a bug bounty hunter isn’t a get-rich-quick scheme. Most hackers earn less than $20,000 per year, although at least seven hackers have earned more than $1m, and an ethical hacker from Romania named Cosmin Iordache, or @inhibitor181, earned more than $2m from HackerOne.

Google paid a record $6.7m to bug bounty hunters in 2020. Microsoft paid $13.7m in 2019-2020 including one reward of $200,000. PayPal handed over nearly $2.8m in bug bounties over two years. Twitter and Intel also use HackerOne's bug bounty program.

A list of bug bounty programs can be found on Bugcrowd, Open Bug Bounty, SynAck and YesWeHack. Happy hunting!

SPYSCAPE
