Slashdot Mirror


Crowdsourcing the Hunt For Software Bugs is a Booming Business -- and a Risky One (technologyreview.com)

The cybersecurity gig economy has expanded to hundreds of thousands of hackers, many of whom have had some experience in the IT security industry. Some still have jobs and hunt bugs in their spare time, while others make a living from freelancing. They are playing an essential role in helping to make code more secure at a time when attacks are rapidly increasing and the cost of maintaining dedicated internal security teams is skyrocketing. From a report: The best freelance bug spotters can make significant sums of money. HackerOne, which has over 200,000 registered users, says about 12 percent of the people using its service pocket $20,000 or more a year, and around 3 percent make over $100,000. The hackers using these platforms hail mostly from the US and Europe, but also from poorer countries where the money they can earn leads some to work full time on bug hunting.

12 comments

  1. Voting for bugs. by Anonymous Coward · · Score: 0

    Maybe Diebold should do something like this?

  2. here is some more info on this topic by FudRucker · · Score: 1
    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:here is some more info on this topic by Anonymous Coward · · Score: 0

      This looks like a shameless plug for HackerOne. Making 20K a year is nothing. Most people won't make money. It's like Uber, you won't make money. You might think you are making money, like many Uber drivers do, but you are not. Also, if your company security strategy is organizing a bug bounty, omg, please tell me who you are to make sure I never use your services. Never mind authorizing an unlimited number of anonymous people to attack your network/service (yes, you are giving them permission to attack your service. You'll always have hacking attempts, but they are illegal). Also, as a security professional, a real one, you should understand that time spent looking for issues and not finding any is also valuable. The value you provide is not only finding things; not finding things, if your work is done properly, is also very valuable. You don't pay your doctor per disease cured, you pay your doctor to do a lot of stuff to verify if you are ok.
      These kinds of things are destroying the value actual security professionals provide, and people working for HackerOne and the like are basically destroying the value of what they do.

    2. Re:here is some more info on this topic by rtb61 · · Score: 1

      It's like M$ a full metal jacket, in-fucking-sane. Let's fuck over our bug testers because when a bad bug leaks out it is so fucking good for our business. Let's fuck over our bug testers hard, bend them over that desk, ram it in and just pound them as hard as possible because that is sure going to make them motivated to find all the bugs and report them instead of selling them on the black market, yeah, uh, uh, uh, uh. No wonder M$ software is so unreliable shite.

      There is a level of perverse insanity only capable by psychopaths, when it comes to handing out source code to outside contractors for bug checking because it is cheaper. Espionage agencies of the world must have been having a field day in the contractor market, finding bugs and not reporting them. I'll bet you any kind of money that you can get more money for those bugs by selling them to the company's competitors. Mass no-profit attack that cripples the company, and frees up around 50% of its customers, just ready for your big marketing push.

      --
      Chaos - everything, everywhere, everywhen
  3. Moscow Don better watch his phat bootay! by Anonymous Coward · · Score: 0

    1. Trump goes to prison for life
    2. Trump's phat booty is raped by a well-hung inmate daily
    3. NO COLLUSION!
    4. Trump pretends it never happened
    5. Trump dies and is buried under the prison

    The End

    1. Re:Moscow Don better watch his phat bootay! by Anonymous Coward · · Score: 0

      Fuck off Russian

  4. Risky business? by Anonymous Coward · · Score: 0

    The title says that crowdsourcing the bug hunt is a risky business, but the summary here should explain why it is that way.

  5. Better by phantomfive · · Score: 1

    Better would be to not have so many bugs in the first place. Most of these are preventable with a little knowledge.

    --
    "First they came for the slanderers and I said nothing."
    1. Re:Better by Anonymous Coward · · Score: 0

      But that requires hiring better programmers and better managers to lead those programmers, and we can't have that because it cuts into the CEO's compensation while also dropping certain ratios that cause speculators to devalue our stocks....