There was a time when ethical, White Hat hackers could not make a decent living out of their wages while illegitimate, Black Hat hackers earned hundreds of thousands of dollar for an exploit offer on the black market.
Think Dog the Bounty Hunter meets tech. Yet, instead of hunting a person, you will be hunting a computer bug found in systems, protocols or software. For every bug you report, you receive a reward. The reward itself could vary; however, the most popular one is, of course, cash money.
How big a reward can you earn?
In principle, a cash reward can range from a mere hundred dollars to millions per bug reported.
In 2004, Mozilla offered a $500 reward for anyone who reported a critical security vulnerability. Fast forward 10 years and it offered a gleaming $10,000 for certificate verification in its Firefox 31 release. Currently, Mozilla has two bug bounty programs: client and web and services. For client, the reward ranges from $500 to $10,000+, and for web and services, $500-$4,000.
Joining in early 2010, Google started out bigger than Mozilla with rewards ranging from $500 to $1,337. The program grew fast that a year later, they built a neat Security Hall of Fame for the Chromium bug bounty program. Currently the reward ranges from $500 to $15,000 with a standing challenge that rewards a sweet $50,000.
In late 2013, Microsoft opened its first bug bounty program with the Mitigation Bypass Bounty and Bounty for Defense both rewarding $100,000. The following year, it launched the Online Services bug bounty program with rewards starting at $500. The best news is all of these Microsoft bounties are still waiting for you to report.
And the rest…
Other companies’ bug bounty programs worth following are Facebook, Tesla, Yahoo, Dropbox and United Airlines. You can also find lucrative bounty programs here.
Platforms and contests for more available bounties
If you clicked on any of the links from number four, you noticed some companies don’t hold their bug bounty programs independently, but via third-party platforms such as HackerOne and Bugcrowd.
HackerOne was founded by security leaders from Facebook, Microsoft and Google. Once you sign up, you’re able to see which company rewards which people and how much they received under the Hacktivity tab. On the directory tab, you can search companies are currently offering bug bounty programs including those from Twitter, Shopify and Slack.
Bugcrowd is one of the most well-known bug bounty platforms out there, claiming to have 22,868 security researchers (white hat hackers) having found over 7,521 vulnerabilities for over 200 companies.
According to Planet Zuda Information Security, the strength of BugCrowd lies in its feature called ‘managed bug bounties.’ This feature has the submitted bug report overseen by bugcrowd staff before being passed through to the respective company.
The advantage of this feature is you, as the white hat hacker, are assured that qualified researchers on the other end examine each issue, eliminating any doubt that someone incapable is handling your work. If your report passes BugCrowd researchers’ examination, your chance to get paid by the respective company will be higher.
If you’re more into competition, then International Programming Player Competition (IPPC) is for you! Known as the biggest Java programming competition, the event takes place on February 27, 2016 with a total prize money a whopping $500,000.
Join the crowd!
If you’re interested in a change of career or a side profession where you can earn these riches, grab our Pay What You Want: White Hat Security Hacker bundle from TNW Deals.
Happy bug hunting!
Celebrate Pride 2020 with us this month!
Why is queer representation so important? What's it like being trans in tech? How do I participate virtually? You can find all our Pride 2020 coverage here.