Inside a Bug Bounty Hunting Economy That Google and the DoD Support

Willrow Hood | Shutterstock.com

With the growing number of security breaches and cyber attacks in our daily life, more friendly hackers are making a living from finding software flaws before malicious ones do.

The profession of bounty hunter, which has long fed the imagination of Hollywood, is legal in the U.S., where ordinary citizens can search for bail jumpers.

Fugitive recovery agents, to exercise their craft, need a strong heart, negotiation skills, and, if necessary, martial arts skills and weapons to subdue their target.

Yet, on the Internet, bounty hunters pretty much just have to be skilled with coding. There is another breed of bounty hunters who, instead of apprehending criminal fugitives, hunt “bugs”, or flaws in company security software, for handsome rewards.

How Bug Hunting Started

It all started with Netscape, which on Oct. 10, 1995, rolled out the first-ever bug bounty program to reward users who could identify security bugs in its Navigator 2.0 Beta.

Seven years later, iDefense was the second to offer a reward for a “middleman” who would report bugs in third-party software.

In 2004, the Mozilla Foundation created its own bounty, offering up to $500 USD in rewards to those who find critical vulnerabilities in the Firefox browser.

TippingPoint was the second company to launch a “middleman” bug bounty program, in 2005, known as the Zero Day Initiative.

Then, in 2007, the Zero Day Initiative (ZDI) launched the famous Pwn2Own competition, where participants had to search for security vulnerabilities in the main operating systems and internet browsers available back then, competing for a superlaptop and $10,000 cash.

ZDI just celebrated the 10th anniversary of Pwn2Own, holding the Pwn2Own 2017 in March at the CanSecWest 2017 Conference in Vancouver, Canada. The contest was extended to include five categories that reflect security trends in computing space, this time with over $1,000,000 USD in rewards.

Friendly Hackers to Make Internet Safer

Since Netscape’s first bug bounty program back in the 1990s, the world and computing have drastically changed. Now, we’re in the age of cloud computing and digital currencies, and the Internet of Things is, well, a thing. The “hackable” zone has become so vast that it led to the rise of large-scale malware attacks that we’ve never seen before (read about the Equifax hack and Yahoo’s super breach).

In recent years, bug bounty hunting has become a common practice among whitehat hackers who found a legit way to put their “dark” skills to good use and make some cash.

Google is all over the web with its apps, services, and tools that are not exempt from the natural vulnerabilities that come with coding something. In 2010, Google launched its bug bounty program, now known as the Google VRP (Vulnerability Reward Program).

For rewards ranging from $100 to $31,000 USD, security experts all over the world are called to look for qualifying security bugs in all Google-owned products under these domains: google.com, youtube.com, and blogger.com.

A year later, in 2011, Facebook launched its bug bounty program, Facebook Whitehat, offering minimum rewards of $5,000 with no upper limit.

The Internet Bug Bounty is an international program sponsored by five companies and organizations: Facebook, Microsoft, Ford Foundation, HackerOne, and GitHub, with a management panel of volunteer security researchers.

The IBB program rewards (with cash prizes of $5,000 USD for a qualifying bug) “friendly hackers” for spotting security vulnerabilities in the internet infrastructure that can affect the wide public.

The U.S. Department of Defense also holds its own bug bounty competitions (the U.S. Navy’s Hack Our Ship Program is one good example).

Know any bug bounty hunters? Who have they worked for? 


Zayan Guedim

Trilingual poet, investigative journalist, and novelist. Zed loves tackling the big existential questions and all-things quantum.
