Bug bounty hunting is all about highly skilled hackers detecting security vulnerabilities, and it is one of the most sought-after professions in the world today.
Bug bounty hunters are highly talented hackers who identify security flaws or vulnerabilities, and they are currently in one of the world’s most in-demand professions. The challenge of dealing with the increased threat of cyberattacks, together with the high cost of recovering from the resulting losses, is forcing organizations to fortify their cybersecurity.
Global Bounty Programs
Bug hunters are rewarded for discovering flaws in computer systems that could otherwise be exploited for profit by black hats, or malicious hackers. Cyberattacks such as ransomware are one example.
According to the Center for Strategic and International Studies, cyberattacks resulting in losses of over $1 million were just one-fourth as common back then as they are now. Although there are now several platforms for supporting bug bounties as well as a thriving bug bounty community, there wasn’t much infrastructure in place to enable white-hat hackers, also known as ethical hackers, at the time.
The global hacking landscape has shifted drastically in recent years. At huge internet companies, finding web application vulnerabilities is no longer as easy as it once was. Bug bounty and bug reporting programs are becoming increasingly prevalent, and organizations are more willing to use specialized penetration testing companies. Pen testers, as they’re known, assist in the discovery of flaws in their clients’ systems and function similarly to traditional consulting firms, with professionals dedicated to uncovering security vulnerabilities.
Bug bounty platforms work in a unique way. These platforms are more akin to marketplaces, allowing free-agent bug bounty hunters and organizations looking for their services to connect. They attract organizations by offering them access to a big pool of hackers, and hackers are attracted by a list of organizations prepared to pay for their services. Bugcrowd was the first bug bounty platform to start in 2011, and it was rapidly followed by a slew of other platforms.
Bounty Hunting in India
According to the 2020 HackerOne report, Indian hackers earned 10% of the total bounty on offer, second only to the United States (19%). Furthermore, Indian bounty hunters accounted for almost 18% of all bug reports submitted last year, with the United States coming in second with 11%.
According to experts, despite its thriving hacker community, India lacks cybersecurity platforms like HackerOne, owing to a lack of awareness and a reluctance to spend on cybersecurity. Startups including Zomato, Flipkart, Ola, Urban Company, and MakeMyTrip launched bug bounty programs a few years ago. However, the companies’ incentives aren’t very generous, making bounty hunting less profitable.
Things are gradually changing, with several organizations increasing their bounty amounts in order to lure ethical hackers. Consider the case of Urban Company. The average bounty, according to its HackerOne profile, is around $100. As of June 2021, the lowest reward is $50 and the highest is $1,500 for critical vulnerabilities that make the system the most vulnerable to cyberattacks. Earlier, the bounty reward was $750. Zomato has the best payout, which has been enhanced this year. Now, Zomato provides a $100 minimum payout and a $2,000 maximum payout. The price range has been increased to $300–$4,000.
While these are positive developments, Indian hackers remain apprehensive since they lack motivation and would rather spend their time chasing higher rewards. In the case of critical vulnerabilities, Apple’s and Microsoft’s payouts may reach as high as $250,000.
While most organizations are aware of the threats and are increasing their cybersecurity spending, several organizations in India are still wary of cooperating with white-hat or ethical hackers. Organizations are fine with cybersecurity specialists like pen testers evaluating the platform, but not with bounty hunters, because of a lack of trust.
A Brief Conclusion
Bug bounty hunting is becoming increasingly popular in India. Bug bounty hunting, whether pursued as a pastime or as a full-time job, can open doors to a variety of cybersecurity positions. Ethical hacking is quickly becoming a necessary part of security testing.
The payoff for bug bounty hunters or ethical hackers can be substantial or insignificant, but the work is always engaging. However, there is no guarantee that a bounty will be waiting at the conclusion of months of hard work.