This article was published on February 3, 2016

There is a brighter tomorrow for White Hat hackers

There was a time when ethical, White Hat hackers could not make a decent living from their wages, while illegitimate, Black Hat hackers earned hundreds of thousands of dollars for a single exploit offered on the black market.

Those days have ended, however, thanks to Mozilla’s popular bug bounty program back in 2004 and the subsequent “No More Free Bugs” campaign by famous Mac hacker Charlie Miller.

[Figure: bug bounty program timeline. Credit: Cobalt]

Think Dog the Bounty Hunter meets tech. Yet, instead of hunting a person, you will be hunting a computer bug found in systems, protocols or software. For every bug you report, you receive a reward. The reward itself could vary; however, the most popular one is, of course, cash money.

How big a reward can you earn?

In principle, a cash reward can range from a mere hundred dollars to millions per bug reported.

    1. Mozilla
      In 2004, Mozilla offered a $500 reward to anyone who reported a critical security vulnerability. Fast forward 10 years and it offered a gleaming $10,000 for bugs in the new certificate verification code in its Firefox 31 release. Currently, Mozilla has two bug bounty programs: Client, and Web and Services. For Client, the reward ranges from $500 to $10,000+; for Web and Services, from $500 to $4,000.

      [Figure: Mozilla Client Bug Bounty]

    2. Google
      Joining in early 2010, Google started out bigger than Mozilla, with rewards ranging from $500 to $1,337. The program grew so fast that a year later, Google built a neat Security Hall of Fame for the Chromium bug bounty program. Currently the reward ranges from $500 to $15,000, with a standing challenge that pays a sweet $50,000.

      [Figure: Google Bug Bounty]

    3. Microsoft
      In late 2013, Microsoft opened its first bug bounty program with the Mitigation Bypass Bounty and the Bounty for Defense, both rewarding up to $100,000. The following year, it launched the Online Services bug bounty program, with rewards starting at $500. The best news is that all of these Microsoft bounties are still open for your reports.
    4. And the rest…
      Other companies’ bug bounty programs worth following are Facebook, Tesla, Yahoo, Dropbox and United Airlines. You can also find lucrative bounty programs here.

Platforms and contests for more available bounties

If you clicked on any of the links from number four, you noticed some companies don’t hold their bug bounty programs independently, but via third-party platforms such as HackerOne and Bugcrowd.

HackerOne was founded by security leaders from Facebook, Microsoft and Google. Once you sign up, the Hacktivity tab shows which companies have rewarded which researchers, and how much they received. On the Directory tab, you can search for companies currently offering bug bounty programs, including Twitter, Shopify and Slack.

[Figure: HackerOne Hacktivity interface]

Bugcrowd is one of the best-known bug bounty platforms out there, claiming 22,868 security researchers (white hat hackers) who have found over 7,521 vulnerabilities for over 200 companies.

According to Planet Zuda Information Security, the strength of Bugcrowd lies in its ‘managed bug bounties’ feature: each submitted bug report is reviewed by Bugcrowd staff before being passed on to the respective company.

The advantage of this feature is that you, as the white hat hacker, are assured that qualified researchers on the other end examine each issue, eliminating any doubt that someone incapable is handling your work. If your report passes the Bugcrowd researchers’ review, your chance of getting paid by the respective company is higher.

[Figure: Bugcrowd interface]

If you’re more into competition, then the International Programming Player Competition (IPPC) is for you! Known as the biggest Java programming competition, the event takes place on February 27, 2016, with total prize money of a whopping $500,000.

Want more? The CanSecWest security conference holds an annual computer hacking contest, Pwn2Own. Last year alone, Korean hacker Jung Hoon Lee, aka Lokihardt, won $225,000 in prize money.

Join the crowd!

If you’re interested in a change of career or a side profession where you can earn these riches, grab our Pay What You Want: White Hat Security Hacker bundle from TNW Deals.

Happy bug hunting!
