“As more of life gets digitized, the opportunities in mobile and web application security will continue to grow.”Īsked to name the most common misperception about hacking, Tommy replied, “That it’s hard. “If you’re passionate about computer security and you want to do it well, the money will eventually come.”įor anyone with the interest and commitment, Nate strongly encourages you to consider computer security.
Nate cautions you to avoid going into it purely for the money, though. He's a great testament to the fact that with the right interest and dedication, there are very few barriers to entry. Santiago, who hails from Argentina, began hacking at 16 and was the first to reach $1 million in lifetime awards.
For Nate, it’s being his own boss for Santiago, it's freedom, and for Tommy, the money. The three panelists reward responsive, transparent, communicative, and welcoming programs with their time.īloomberg’s Ito kicked off the panel asking each hacker to name their favorite thing about being a hacker. While her comment was directed at hackers and how they only get paid for valid vulnerabilities, it is equally true of programs. As Bloomberg’s Ito said, bounty hunting is extremely performance-based.
If they’ve never worked with a certain program before, panelists shared that they will frequently submit a report or two to test the program’s responsiveness. Will your program page be ready to grab their attention? That’s when they go looking for other interesting programs. While it’s true that established programs like Verizon have a head start, even the best hackers hit the occasional dry spell on those programs. (By the way, HackerOne has benchmark stats, guides, and professional services to help you with these program dimensions.) Other things you may need to work up to, like having a big scope, or paying top dollar. Some are things every organization running a bounty program can do, like be explicit and transparent about how much you pay for different types of vulnerabilities and treat that like a contract, triage, remediate, and pay quickly, and treat hackers with the same professional respect as you do members of your team. Whether you are a security leader looking to get the most out of your HackerOne Bounty program, a hacker looking to improve, or an aspiring hacker looking to get in, read on for advice from some of the best.Īlthough each panelist came from a different corner of the world, the three shared similar advice on how programs can get their attention. But a few of our hackers have made a really good living.īloomberg Tech Editor Aki Ito moderated a 40-minute panel at HackerOne’s recent conference with three elite hackers, each of whom has grossed over $1 million in bounty earnings with HackerOne. As many hackers on the HackerOne platform know, you can make a good living out of bug-hunting.
0 kommentar(er)
