19-year-old Santiago Lopez becomes first to earn $1 million through bug bounty programs

[kuhnertdm]

Link: https://www.businesswire.com/news/home/20190301005093/en/Teen-World’s-1-Million-Bug-Bounty-Hacker

 

Santiago Lopez, a 19-year-old white-hat hacker from Argentina, has become the world's first person to earn $1 million through bug bounties. Bug bounties are programs in which companies offer money to white-hat hackers who are able to find security vulnerabilities in their computer systems. The idea is to reduce the incentive to abuse these vulnerabilities, or to sell them to people who will abuse them, and to increase the incentive to responsibly disclose the vulnerabilities to the companies. Lopez has been using the HackerOne platform to fulfill bug bounties under the handle @try_to_hack.

[Teddy07]

I think those programs are awesome. Why should I, after all, report a bug when I do not gain something from it.

[Ashley MLP Fangirl]

1 hour ago, Teddy07 said:

Why should I, after all, report a bug when I do not gain something from it.

it depends what kind of bug it is and how it is found. 

 

if I just use my Mac and find some kind of glitch that for example causes the screenshot app to quit unexpectedly and I report it, I don't expect to receive money for it. 

 

if someone spends weeks trying to find a security flaw and finds one, I would expect that person to get a payment. 

[captain_to_fire]

I guess I made the wrong career choice. 

[Linus_torvalds]

If you are good at something, never do it for free!

 

Cool, but if he was black-hat hacker i guess he would have earned much more depending what kind of vulnerabilities he found.

[Bcat00]

Congrats to him

[straight_stewie]

22 hours ago, mate_mate91 said:

Cool, but if he was black-hat hacker i guess he would have earned much more depending what kind of vulnerabilities he found. 

Maybe, but then it might be harder to spend the money.

[Sauron]

Good for him!

23 hours ago, mate_mate91 said:

Cool, but if he was black-hat hacker i guess he would have earned much more depending what kind of vulnerabilities he found.

Morality concerns aside, the risks and a life on the run are probably not worth the greater gains - 1M is plenty to live comfortably for quite a while and he's likely to earn more.

[Sauron]

On 3/2/2019 at 10:57 PM, firelighter487 said:

it depends what kind of bug it is and how it is found. 

 

if I just use my Mac and find some kind of glitch that for example causes the screenshot app to quit unexpectedly and I report it, I don't expect to receive money for it. 

 

if someone spends weeks trying to find a security flaw and finds one, I would expect that person to get a payment. 

In this case it depends more on how severe the flaw is - even if you spend a year tracking down a graphical glitch you probably won't get a reward. On the other hand, if you find a critical vulnerability that allows unrestricted access through javascript in 30 minutes, you're likely to get a bunch of cash.

[Ashley MLP Fangirl]

2 minutes ago, Sauron said:

In this case it depends more on how severe the flaw is - even if you spend a year tracking down a graphical glitch you probably won't get a reward. On the other hand, if you find a critical vulnerability that allows unrestricted access through javascript in 30 minutes, you're likely to get a bunch of cash.

yeah true. 

 

I did specify "spends weeks trying to find a security flaw" but I guess even there it depends on how severe it is and how it can be executed.

[Drak3]

On 3/2/2019 at 1:08 PM, kuhnerdm said:

Bug bounties are programs in which companies offer money to white-hat hackers who are able to find security vulnerabilities in their computer systems. The idea is to reduce the incentive to abuse these vulnerabilities, or to sell them to people who will abuse them, and to increase the incentive to responsibly disclose the vulnerabilities to the companies.

Wouldn't that make the people who participate in these programs grey hats?

[Sir Asvald]

That's nice. I found a security flaw at a place I was working.... They ended my contract early. I guess they can't afford me. LOL.