WANTED: Hackers for Bug Bounties

Hackers for Bug Bounties

WANTED: Hackers for Bug Bounties

In previous posts here, I have pointed out that hackers are in high demand around the world and in nearly every industry. Every military and espionage unit of every country is trying to hire high-quality, experienced hackers as fast as they can to hack their adversaries' computer systems in order to gain a strategic advantage and to spy.

Information security firms can't get enough well-trained hackers to test and improve the security of their clients' networks, platforms, and systems. This is one job category where the demand far outstrips the supply and good hackers are commanding top salaries.

Now, there is yet another opportunity for fledgling hackers to make money, while honing their skills until the big job offer arrives. Several Silicon Valley firms—including PayPal, Google, Facebook, Twitter and Yahoo—are paying bounties to hackers who find security holes in their systems and platforms. In this way, they hope that these white hat hackers will find and report the security flaws before the black hats exploit them.

To collect the bounty, you must first report the flaw to the company and give them time to close the vulnerability before you reveal it publicly. Twitter has reported that it has already resulted in finding 46 bugs in their platform in the short time their program has been active, while PayPal has reportedly paid out over 1,000 bug bounties.

The bounties range anywhere from the Twitter payout of a minimum of $140 for every security bug reported, all the way up to $150,000 that Google is offering to anyone who can own a Google Chromebook. Google reportedly has a bug bounty pool of $2.7 million!

Interestingly, Apple has refused to participate in this program, despite many of its neighbors in Silicon Valley doing so. Considering Apple's atrocious security record of late (Shellshock, iCloud, WireLurker, etc.), maybe Apple should reconsider? (Update: Apple has started offering bug bounties, but only to select security researchers at the moment.)

Here is a brief list of companies who pay for bounties on security holes in their systems and platforms.

For more, you can check out HackerOne, who acts as the middlemen for some other companies, or Zero Day Initiative, who buys zero-days of all varieties. Also, Bugcrowd has a very good bug bounty list.

This might be just the way for to you hone your skills and make money doing what you love without the risk of getting caught and going to prison. It doesn't get much better than that, my fledgling hackers!

7 Comments

I've heard of these bug rewards; always been skeptical that they'd pay up though.

ghost_

Pwn2Own is an example, just look at Pwn2Own event 2014...
Or is it?

Does this mean that you can't get into trouble if you are caught hacking these sites? (Assuming you claim to be trying to earn bounties and aren't actively harming the site ...) Or do you have to register yourself as a researcher in some way?

Ah right, should have visited the above link before asking..

when i was in the military fora short time (to fix thier shit as my own goal) i could not only see the hacks but i could feel them lol, dont they recognize a hacked computer when they touch it? i mean seriously the moust should not be stuttering when you open a web page - and crap and crap- and so on. still waiting for someone tio hire my ass my software was built for this kind of shit lol.

Thinking of getting into this. How difficult of a time would you say a beginner would have on this?

EDIT: Ahh, so it'd be quite difficult. Rofl understandable! I'd assume it'd be difficult especially with payouts of $1,000+!!!

Share Your Thoughts

  • Hot
  • Latest