There’s a new type of bounty hunter out there. The payoff is great, the skill set is limited, and the hunted are bugs. Bounty hunting and the future have officially collided. Tech companies like Google are paying big for skilled software engineers to find bugs in their programming. Google’s bug bounty program paid out nearly $3 million in 2017. And the bugs they’re looking for are specifically related to security.
The Google Vulnerability Reward Program recently posted its 2017 review, showing how much it paid out in rewards to programmers who found security bugs. There’s some real money to be had in this line of business. More difficult and dangerous bugs have a higher payoff. Time spent searching and the number of bugs found can also increase the reward. Prizes can even get up to $100,000.
Google has a couple of different bug bounty reward programs: the Patch Rewards Program and the Vulnerability Research Grant Program. The Patch Rewards Program has been in existence since 2013 and contributes to Google web apps and Google Chrome. The Vulnerability Research Grant Program is more recent, starting in 2015. This program is for the cream of the crop when it comes to programmers and in many cases is invite-only. They’ll even reward security researchers when vulnerabilities are found.
Bug bounty hunters serve a critical role. They are plugging a hole in the software security ecosystem, trying to find dangerous vulnerabilities before hackers are able to. The payoff is well deserved, with last year’s highest being $112,500.
Google is not the only one running a bug bounty program. Other companies include Airbnb, Mastercard and GM. Perhaps the most important bug bounty program is run through the Pentagon. It recognized that while there are many hackers trying to wreak havoc, there are just as many who want to use their skills to help.
Now, bug bounty programs have emerged that help companies with their vulnerabilities. This saves a company from starting its own program, as Google, GM and Airbnb have done. HackerOne is arguably the most successful, having raised nearly $75 million since starting and $40 million last year alone.
Bounty hunters are motivated by more than money. Finding a bug greatly improves their profile and notoriety within the community. This can help them get more bug bounty jobs, as well as invitations to specialized groups like Google’s Vulnerability Research Grant Program.
The number of software programs is only increasing. Mobile apps have taken over our lives, more of our documents are stored on cloud servers, and even our TVs are moving towards applications. With all of the new and different software out there, more and more private information is being stored in programs. It’s good to hear that there’s a group out there trying to find the security vulnerabilities and fix them before they fall into the wrong hands.