Could you be a successful bug hunter?

Hackers are the bad guys who get their kicks from exploiting security loopholes online, right? Well, not necessarily these days, it seems. There’s a new breed of hacker on the rise, working on the side of the website owner, helping to identify bugs and security risks. And these hackers are getting paid – legitimately.

Black hat, white hat

The usual opinion of hackers is that they wear the black hats online, disrupting websites, extorting money and exposing security loopholes for personal gain. In many cases the perpetrators are disaffected youngsters with time on their hands and a good knowledge of computer systems.

Big businesses are starting to realise that many hackers have useful skills that could be of great benefit in the corporate world. Hence, there is a new movement to persuade the black hat crowd to don white hats instead. With financial incentives as motivation, a new breed of hacker is emerging who is engaged in reporting bugs to website development teams, allowing them to fix issues before they are compromised.

Working for the big guys

Major organisations, including Facebook, Google, PayPal and Yahoo, are now offering Bug Bounty Programs which encourage white hat hackers to spend time exploring their systems for bugs. According to The Verge, one young hacker in India has earned around $30,000, which will enable him to complete his college education.

Many smaller companies already tend to use the services of dedicated software engineers who offer software testing services. For huge organisations, the use of hundreds of white hat hackers all spending time exploring different facets of their coding is financially more practical. It means that they only have to pay out when a security loophole is exposed.

How to become a bug hunter

Most experienced bug hunters recommend using free software downloads to practise on. Reading the research results of successful bug hunters provides further insights into effective hacking techniques, along with guidance on how to test systems.

Some organisations offer a brokering service, connecting hackers to vulnerable programs in return for a percentage of the bounty. Points are awarded for ‘duplicate’ discoveries of issues, meaning the hacker receives acknowledgement for his or her work, even where a monetary reward is not possible.

Hacking won’t make your fortune, but it’s possible to make good money from it.