The concept of bug hunting started in 1998 at the communications company Netscape, which, after realizing that many of its employees were finding and fixing errors in the code of their own volition, sought a way to get people outside the company to do the stress-testing.
The idea spread throughout the technology industry and has now become an important tool used by companies to maintain security and drive efficiency.
Bug bounties in blockchain projects
Bug bounties are also an integral part of the cryptocurrency space. To provide the highest level of efficiency without compromising on security or safety, many blockchain projects run such programs.
Moreover, because this space is still in its nascence and is growing fast, the probability of vulnerabilities in software is much higher. For evidence of this, one need look no further than the numerous successful hacks on exchanges and ICO projects.
Well-known projects such as Ethereum (available on Coinbase) and Dash run bounty programs, as do startups such as Kraken and Coinexchange that are looking to avoid any breaches. These initiatives have unearthed a number of critical vulnerabilities, such as one in the Dash version of the Copay wallet, which exposed information including private keys to hackers.
How do I join a bug bounty program?
The programs can either be open to anyone or invite-only. For those starting out, Bugcrowd is a good platform to sign up to; it is similar to the freelance network Upwork for people with solid coding experience who want to pick up jobs on the fly.
Bug hunting usually works on a simple premise: those who find the most serious code errors are compensated more than those who find lesser vulnerabilities. It is important to note that each company can require the errors to be submitted in their own particular format to help them understand the vulnerability in the code.
Can I work full-time as a bug bounty hunter?
Those who participate in these programs are typically hackers or software security researchers. In this context, these so-called “white hat hackers” are able to provide a company with invaluable information.
Bugcrowd, one of the leading bug bounty listing resources, in its latest report outlines how the industry has grown in value: “Total payouts have surpassed $6 million ($6,392,992), up 211 percent since 2016 while the average payout is now $451 (vs. $295 in 2016). The average payout on Critical (P1) vulnerabilities is $1,776.”
As is the case with any community, the hacking space is a hierarchical one. In addition to the monetary compensation, bounty programs attract coders as they provide them with a level of fame and clout within their community; many companies, in fact, have a hacker hall of fame.
Why are bug bounty programs important?
Every company relies on some form of underlying software and that software is a living piece of computer code that requires constant updating to stay on the cutting edge and maintain security.
And as the Bugcrowd report notes, finding the chinks in software security is increasingly important: “The number of valid vulnerabilities has surpassed 52,000 — an industry high. This is further supported by the increase in the criticality of bugs identified — this year 25% more critical vulnerabilities were submitted than in the 2016 report.”
Although it’s not a common replacement for most 9-5 jobs, it is good freelance work for those proficient in coding and those who want to improve.