19-year-old Santiago Lopez becomes first to earn $1 million through bug bounty programs

kuhnertdm

Link: https://www.businesswire.com/news/home/20190301005093/en/Teen-World’s-1-Million-Bug-Bounty-Hacker

 

Santiago Lopez, a 19-year-old white-hat hacker from Argentina, has become the world's first person to earn $1 million through bug bounties. Bug bounties are programs in which companies offer money to white-hat hackers who are able to find security vulnerabilities in their computer systems. The idea is to reduce the incentive to abuse these vulnerabilities, or to sell them to people who will abuse them, and to increase the incentive to responsibly disclose the vulnerabilities to the companies. Lopez has been using the HackerOne platform to fulfill bug bounties under the handle @try_to_hack.


1 hour ago, Teddy07 said:

Why should I, after all, report a bug when I do not gain something from it?

It depends what kind of bug it is and how it is found.

If I just use my Mac and find some kind of glitch that, for example, causes the screenshot app to quit unexpectedly and I report it, I don't expect to receive money for it.

If someone spends weeks trying to find a security flaw and finds one, I would expect that person to get a payment.

She/Her


If you are good at something, never do it for free!

 

Cool, but if he was a black-hat hacker I guess he would have earned much more, depending on what kind of vulnerabilities he found. :D

Computer users fall into two groups:
those that do backups
those that have never had a hard drive fail.


22 hours ago, mate_mate91 said:

Cool, but if he was a black-hat hacker I guess he would have earned much more, depending on what kind of vulnerabilities he found. :D

Maybe, but then it might be harder to spend the money.

ENCRYPTION IS NOT A CRIME


Good for him!

23 hours ago, mate_mate91 said:

Cool, but if he was a black-hat hacker I guess he would have earned much more, depending on what kind of vulnerabilities he found. :D

Morality concerns aside, the risks and a life on the run are probably not worth the greater gains - 1M is plenty to live comfortably for quite a while and he's likely to earn more.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


On 3/2/2019 at 10:57 PM, firelighter487 said:

It depends what kind of bug it is and how it is found.

If I just use my Mac and find some kind of glitch that, for example, causes the screenshot app to quit unexpectedly and I report it, I don't expect to receive money for it.

If someone spends weeks trying to find a security flaw and finds one, I would expect that person to get a payment.

In this case it depends more on how severe the flaw is - even if you spend a year tracking down a graphical glitch you probably won't get a reward. On the other hand, if you find a critical vulnerability that allows unrestricted access through JavaScript in 30 minutes, you're likely to get a bunch of cash.


2 minutes ago, Sauron said:

In this case it depends more on how severe the flaw is - even if you spend a year tracking down a graphical glitch you probably won't get a reward. On the other hand, if you find a critical vulnerability that allows unrestricted access through JavaScript in 30 minutes, you're likely to get a bunch of cash.

Yeah, true.

I did specify "spends weeks trying to find a security flaw" but I guess even there it depends on how severe it is and how it can be executed.


On 3/2/2019 at 1:08 PM, kuhnerdm said:

Bug bounties are programs in which companies offer money to white-hat hackers who are able to find security vulnerabilities in their computer systems. The idea is to reduce the incentive to abuse these vulnerabilities, or to sell them to people who will abuse them, and to increase the incentive to responsibly disclose the vulnerabilities to the companies.

Wouldn't that make the people who participate in these programs grey hats?

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.


That's nice. I found a security flaw at a place I was working.... They ended my contract early. I guess they can't afford me. LOL. 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 10 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 
