Slashdot Mirror


Life As a Bug Hunter

An anonymous reader writes "Bug Hunter Aaron Portnoy claims to have earned $60K in 3 months as a bug hunter when he was 19 years old. Pretty impressive. Tighter company budgets and increased pressure to get a product ready by its release date mean code isn't checked so thoroughly and bug frequency rises. From the article: 'Mozilla — makers of the Firefox web browser — were first to start a bug bounty programme in 2004. Their top prize is currently $3,000 (£1,800) and they have paid out about $40,000 (£25,000) per year since then. Their top earner is a student in Germany who has bagged more than $30,000 (£18,000) from a series of discoveries.'"

7 of 68 comments

  1. I do the opposite by Anonymous Coward · Score: 5, Funny

    I make a decent amount producing new bugs.

  2. Ahem... by bughunter · Score: 5, Funny

    I was not consulted for this article, therefore it must be considered suspect.

    --
    I can see the fnords!
  3. Re:Payment to coders? by vlm · Score: 2

    Do they pay the coders this much too? Or are the code submissions all donated?

    They could:

    1) coder will submit a JavaScript parser provided by me in an envelope containing both half the cash bounty and a buffer overflow
    2) ....
    3) Profit!

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  4. Re:Impressive compared to what? by ark1 · Score: 2

    The real money is in the black market of 0days. That is where intelligence agencies and criminals compete for new vulnerabilities and are willing to throw some major money depending on the severity. If you are fortunate enough to find a critical 0day (think remote exploitation in a popular OS/application without user interaction), then you may pocket 6 or even 7 figures for a single bug. White hat reporting is mainly done as a hobby and/or advertisement of your personal skills or your company and is not really meant to be a full-time job.

  5. Re:Impressive compared to what? by Hazel+Bergeron · Score: 2

    New model of society: govt pays ppl a basic income and govt and biz hold challenges to stimulate individuals to create and innovate and provide services like bug-finding without the need to work for a corporation.

    Read Thomas Paine on the basic income guarantee and Thomas Jefferson on copyright.

    Your ideas are as old as the USA, thus dangerously close to revolutionary in today's environment.

  6. Lite? by ninetyninebottles · Score: 4, Insightful

    From the article:

    "When we started out it was $1337 which if you write it down spells out 'lite' which is hacker speak for elite. Since then we've increased the top prize to 3133.70 which spells 'elite,'" explained Rukowski.

    Seriously? 1337 spells "lite"? Are the authors of this article really that clueless and have that little competent review of their material? 1337 spells "leet" which sounds like "elite" if you don't really pronounce the first letter. Isn't this explained in "Hackers" or some other pop culture movie?

  7. Re:Whoa by hedwards · Score: 2

    Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.

    Doesn't mean that it doesn't happen, but it's usually not Firefox; it usually ends up being a plug-in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500 MB.