Social Media

Bug Bounty: How to Make Big Bucks Hunting Cyber Bugs

Bug Bounty
Written by prodigitalweb


Bug Bounty Programme Rewards -Importance of the Find

The US government will be launching  its first bug bounty programme this month, which is a 20 days scheme for cyber security savvy citizens in having a go at locating faults in the public websites of the Department of Defense before the illegal hackers tend to do so. The finders of the significant bugs would be rewarded a $150,000 pot for the same. Unauthorized hacks tend to make headline and can have disastrous significances for the organisation which suffers a break. Hence several tend to seek to crowdsource their security besides employing their own in-house experts, providing financial rewards which are called bounties as an incentive. Bugs tend to be legitimately big business. Uber had announced, last month that it was also entering the bug bounty field with a scheme of its own, whereas firms like Facebook together with Microsoft have been running them for years. The top reward of Microsoft is presently up to $100,000 for `truly novel exploitation techniques against protection built into the latest version of our operating system’ or anything that tends to evade all the security systems on Windows platform. A bug bounty programme usually will pay a reward depending on how important the find is.

Means of Identifying Talents

According to social network, so far, Facebook had paid almost $1 m in payments though the average pay-outs was $1,782 per bug in 2015 and its most productive bug hunters were in Egypt, India and Trinidad and Tobago. Computer scientist Gianluca Stringhini, assistant professor at the University College London had stated that `by having bug bounty programmes, companies tend to make sure the best hackers look at their code and the more eyes that look at the programme, the more bugs they find. It is also a means for the companies in identifying talent’. If one is a successful part-time bug hunter, there is a possibility that you could even get a job out of it; security researcher Chris Vickery had his current role after doing the same. He had stated that when he had found one of the databases of software firm, MacKeeper, they turned around and said that they wanted to hire him to give them tips about data breaches.

Arne Swinnen, Belgian bug hunter is presently ranked number two in so-called white hat hall of fame, of Facebook, which is a long list of the people who had helped in making its various platforms more secure, by finding and telling about the susceptibilities prior to the cybercriminals exploiting them. Mr Swinnen has a day job though in his spare time has acquired almost $15,000 in locating system weakness in the last few months. He had started out by looking at Facebook-owned Instagram after doing some researching on bugs online and detecting that less bug bounty hunters seemed to have it in mind. He explained that he looked to see what it had, a website and mobile app and looked at their functionalities and thereafter began to look for susceptibilities. Companies without designated schemes would appreciate some security support. According to cyber-security expert, Prof Alan Woodward from Surrey, under the Computer Misuse Act, in the UK, unauthorised access is a criminal offence, even if the door is wide open’.


About the author