Bug Bounties: Hacking for a Paycheck
The relationship between companies, governments and hackers has always been volatile. The word hacker can conjure thoughts of hoodies, financial loss and reputational damage in the minds of CEOs and world leaders. Conversely, hackers may think of large corporations as uncreative, corrupt, bureaucratic nightmares.
Creating a middle ground is vital, however. Bug bounties create a meaningful bridge.
The concept is simple: a company signs up to a bug bounty website such as HackerOne or Bugcrowd and offers money to those who can spot IT problems. Hackers create a profile, find a company’s page and click ‘submit’ to file a bug report.

How it works
A private dialogue is opened between the hacker and the company (usually their security team) and if the bug is seen as a valid risk, it is patched and a reward is calculated based on its seriousness.
How well does it work? Have a look at HackerOne’s hacktivity page, which shows successfully disclosed bugs. The vendor, the type of bug patched, the username of the hacker (with a link to their profile), the risk the bug posed and the monetary amount awarded are all displayed.

Payment
How much do companies pay and how many bugs are found? Some fixes are worth several hundred dollars but others can be as high as $200,000 or even more.
Being a bug bounty hunter isn’t a get-rich-quick scheme. Most hackers earn less than $20,000 per year, although at least seven hackers have earned more than $1m and an ethical hacker from Romania named Cosmin Iordache, or @inhibitor181, earned more than $2m from HackerOne.
Google paid a record $6.7m to bug bounty hunters in 2020. Microsoft paid $13.7m in 2019-2020 including one reward of $200,000. PayPal handed over nearly $2.8m in bug bounties over two years. Twitter and Intel also use HackerOne's bug bounty program.
A list of bug bounty programs can be found on Bugcrowd, Open Bug Bounty, Synack and YesWeHack. Happy hunting!