Websites, e-commerce pages and software programs are rarely perfect right out of the gate. Companies rely on dozens of quality assurance testers and programmers to identify and resolve coding issues and bugs before their products hit the market. However, even these experts on the inside can miss imperfections.
When an analyst, programmer or quality assurance tester needs an extra set of eyes, it can help the company a great deal to look to outside sources. Over the past 20 years, companies have used bug bounties to get outside help locating exploits and issues in their programs.
The History of Bug Bounties
During the internet’s early days of proliferation in the ’90s, programmers and engineers at Netscape Communications Corporation were encouraged to locate problems in the company’s internet browsers, including Mosaic, Netscape and Firefox, and create fixes to ensure a better user experience.
One technical support engineer named Jarrett Ridlinghafer started thinking outside the box when he realized the company’s browsers had a seemingly fanatical following among programmers and hackers. They successfully identified the products’ vulnerabilities, created fixes and shared their work within the fan community. He immediately drafted the “Bugs Bounty” program and presented it to Netscape executives.
Ridlinghafer’s program incentivized outside hackers, programmers and engineers to seek out issues in their products and report them to Netscape for money. This idea is often cited as one of the reasons Netscape catapulted to success before their eventual demise at the hands of Microsoft. Now, the bug bounty program has taken the technology industry by storm.
What Are the Benefits of Bug Bounties?
The name may sound funny, but bug bounties are, at their very core, real bounties. Corporations, governments and organizations around the world post listings asking for assistance from hackers, security experts and freelance programmers. The freelancers receive payment for their work.
Although bug bounties are effective and useful for companies hoping to release a bug-free product, bounties are often implemented in conjunction with internal audits of the software for optimum coverage. With fewer employees needed for quality assurance before release and fewer bugs going unnoticed that will need to be fixed later, the organization saves money, time and manpower. As an added bonus, paying white hat hackers to correct errors in their products can also help stave off black hat hackers that may exploit vulnerabilities.
Which Bug Bounties Are Currently Available?
If you’re interested in viewing the bounties that are currently up for grabs, there are numerous websites with listings from companies and organizations in various fields. From Airbnb to AT&T, AOL to Google, companies large and small are searching for qualified programmers, hackers and security experts to strengthen their products before they launch. Browse sites like HackerOne and Bugcrowd to get paid to do what you love!
Uber’s Bug Bounty Misadventure
Bug bounties made headline news recently thanks to Uber’s data breach cover-up. A hacker gained access to the account information of approximately 57 million drivers and passengers through information left in GitHub by Uber developers. The hacker attempted to ransom the information back to Uber for $100,000. Uber has an existing bug bounty program, so to get around having to publicly acknowledge they were hacked, they instead told the hacker to sign up for the program, report the exploit as if he were collecting a bug bounty and get paid $100,000.
That’s exactly what the 20-year-old hacker did, and Uber was able to avoid public disclosure under the guise that this was just an instance of a bug bounty hunter collecting a bounty. Uber’s new CEO, Dara Khosrowshahi, ordered the incident be made public in an action intended to show the world the company is seeking to turn over a new leaf with regard to transparency. He also fired multiple Uber security personnel involved with the situation, including their chief security officer and an attorney.
According to HackerOne, bug bounty payments are normally around $5,000 to $10,000.
Invest in Yourself with Washington Technology University
The technology sector continues to drive the economy. Thousands of new jobs are created yearly, making cyber security and technology a wise career choice for any individual hoping to push the boundaries of cutting-edge tech. With such an exciting and challenging work environment as well as great pay, it’s no wonder more students are choosing a tech-focused career path today.
Ready to take the plunge? At Washington Technology University, we understand our students come from all walks of life and have vastly different needs. That’s why we provide a unique block schedule so you can excel in one course at a time while customizing your schedule to fit your busy lifestyle. Contact us online or call (425) 223-5812 to learn more about our programs or admissions process.