Netease Technologies News Dec. 15, according to U.S. media reports, the latest data released by Bugcrowd, a security vulnerability reward platform, shows that freelance elite hackers can earn more than $500,000 a year by searching for security vulnerabilities and reporting problems identified by Tesla and other companies and the U.S. Department of Defense.
Bugcrowd, founded in San Francisco in 2012, is one of the few so-called vulnerability rewards companies that allow customers to find and report software security vulnerabilities. These companies provide a platform for hackers to safely track security vulnerabilities in the software of companies that want to be tested.
Hackers work for a particular company under a contract and receive a reward when they find defects in the companys infrastructure. The amount of reward they receive depends on the severity of the loopholes found.
Casey Ellis, chief executive of Bugcrowd, said that as there were millions of jobs in software security, more and more companies were looking for alternatives to network security testing. It is estimated that 3.5 million cyber security jobs will be vacant by 2021.
Ellis said the biggest reward Bugcrowd experienced last year was $113,000, which was to find a loophole for a large technology hardware company. Data show that such reward payments increased by 37% year-on-year in 2018.
The group that does this is called ethical hackers, and they are hired by security experts to test the security of enterprises or institutionsnetworks and computer systems. According to the survey, half of the moral hackers have full-time jobs. About 80 percent said the effort helped them find a job in cybersecurity. Ellis said the top 50 hackers received an average of about $145,000 a year in reward payments.
According to Ellis, the most profitable hackers have excellent basic skills.
When they find a particular vulnerability category, they keep tracking the vulnerability in different companies, Ellis said. They will look for opportunities everywhere in cyberspace and try their best to exploit this vulnerability.
They also have good reconnaissance skills, know what is likely to cause the greatest damage to businesses or institutions, and operate on this basis, he said. It is very helpful for enterprises to have a good understanding of how to operate or how to build infrastructure.
Among the hackers working on the Bugcrowd platform, 94% are between 18 and 44 years old, while some are still in high school or high school. Ellis says accepting such a job is cheap and requires skills. About a quarter of the hackers on the Bugcrowd platform have no university degree.
In order to prevent cyber attacks, some companies have been using a series of methods to let people with hacker skills test their companys defense capabilities. For example, some companies let internal security testers act as so-called red customers and act as malicious attackers, trying to destroy corporate servers or steal information. This method is used to detect network security.
Some companies turn to third-party consulting firms that can provide such services, such as Bugcrowd, HackerOne, Synack and Cobolt. Some companies only contact people who have the ability to detect security vulnerabilities by e-mail.
Ellis said the vulnerability reward method provided a more formal way. Hackers must abide by rules when working, such as not jumping from the server under test to other servers with sensitive data.
According to the severity of the problem, IJet and Tesla paid hackers between $10,000 and $15,000. MasterCard pays up to $3,000. In October, the U.S. Department of Defense awarded Bugcrowd and HackerOne a contract for the vulnerability reward project Hackthe Pentagon. (Tianmen Mountain)
Source: Responsible Editor of Netease Science and Technology Report: Wang Fengzhi_NT2541