Life As a Bug Hunter
An anonymous reader writes "Bug Hunter Aaron Portnoy claims to have earned $60K in 3 months as a bug hunter when he was 19 years old. Pretty impressive. Tighter company budgets and increased pressure to get a product ready by its release date means code isn't checked so thoroughly and bug frequency rises. From the article: 'Mozilla — makers of the Firefox web browser — were first to start a bug bounty programme in 2004. Their top prize is currently $3,000 (£1,800) and they have paid out about $40,000 (£25,000) per year since then. Their top earner is a student in Germany who has bagged more than $30,000 (£18,000) from a series of discoveries.'"
I do the opposite (Score:5, Funny)
I make a decent amount producing new bugs.
Re: (Score:1)
I make a decent amount producing new bugs.
+1 LOL
Re: (Score:2)
I'm gonna write me a new minivan!
Payment to coders? (Score:2)
Do they pay the coders this much too? or are the code submissions all donated?
Re: (Score:3)
Do they pay the coders this much too? or are the code submissions all donated?
They could:
1) coder will submit a javascript parser provided by me in an envelope containing both half the cash bounty and a buffer overflow ....
2)
3) Profit!
Re: (Score:2)
Reminds me of something... http://thedailywtf.com/Comments/The-Defect-Black-Market.aspx [thedailywtf.com]
Re: (Score:1)
Honestly, it sounds like the company made back its money, and cancelled in time.
I mean, it was only a week, and only 2 days of abuse. The first three days appeared to pay off, and things were better in the code-base going forward.
Re: (Score:1)
Do they pay the coders this much too? or are the code submissions all donated?
Coders are paid by Mozilla if they are employees. Coders are paid by other companies or organizations to code for Firefox, as necessary to meet that employer's needs. I could certainly see Mozilla offering a bounty for coding a specific feature, but this is usually called a contract and is exclusive to one or one group of reputable, vetted coders. The only reason they are offering money for exploits is because they don't know what, exactly, needs to be done and because the community hasn't jumped on the iss
Impressive compared to what? (Score:1)
Don't get me wrong; $60k in 3 months is not a bad haul for anybody. But as the single biggest payout (over time) fluke ever, it kind of sucks, and is reflective of the average pay one can expect pursuing this career, which also sucks.
If you want to shoot for the moon, you might as well just play the lottery.
It's another thing if you hack for fun, and can collect a little money on the side for it. But this is not a sustainable career for anyone and slashdot in particular needs to stop acting like these guys
Re: (Score:3)
New model of society: govt pays ppl a basic income and govt and biz hold challenges to stimulate individuals to create and innovate and provide services like bug-finding without the need to work for a corporation.
Read Thomas Paine on the basic income guarantee and Thomas Jefferson on copyright.
Your ideas are as old as the USA, thus dangerously close to revolutionary in today's environment.
Re: (Score:2)
That's 240k/year and doesn't require you to live somewhere that 240k a year isn't a big salary.
240k/year is decent pay for anyone doing that job, with the exception being the jobs doing it in areas where it costs a million plus a year just to pay your rent.
You're seriously claiming you make 240k/year or more and that that is 'average pay'? What shitty assed city do you live in where that's the case, because there are only a limited number of places where 240k/year is average pay and pretty much none of t
Re: (Score:1)
Don't you mean:
1. Write buggy code.
2. Sell support contracts.
3. Profit.
Re: (Score:1)
LOL. Mannijarz is not soe smeart.
Ahem... (Score:5, Funny)
I was not consulted for this article, therefore it must be considered suspect.
Re: (Score:1)
I should add, it's easier when the bugs find you. It takes a special kind of [karma|luck|uncanny statistical influence] to be a real bughunter. You have to be the kind of person who only needs to walk by a piece of dodgy tech in order to induce it to fail. That gives you an inkling of what life as a bughunter is really like.
On one hand, being an early adopter is just asking for trouble. Don't go there, unless you're being paid to. If it's been half-assed, you're going to find out -- and these days it
Whoa (Score:2)
Re: (Score:3)
Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.
Doesn't mean that it doesn't happen, but it's usually not Firefox; it usually ends up being a plug-in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500MB.
Re: (Score:2)
From what you've said, I can safely deduce without any uncertainty that you have never actually used Firefox at any point in your life.
As far as it being a plugin or something, I'll tell you the same thing I told our VoIP provider ...
I don't care WHAT or WHY the exact reason is; when I do A ... B happens. I don't care if it's not A's fault. If I don't use it, it doesn't happen, so your choices are to make it so A prevents something else from causing it a problem, or I'll use something else.
No one gives a s
Re: (Score:2)
To be honest, we don't really care what people as fucking stupid as you think about things. I don't represent Mozilla, but it's not helpful to pretend like your situation is typical without actually providing any evidence. You're not going to fix a problem caused by extensions by mucking around in the browser code, sure when add ons get their own processes, it will be a lot easier to know who is responsible for what.
But, at the moment, only a fucking moron would claim that it's Firefox' fault that other peo
Re: (Score:2)
Firefox doesn't use that much RAM under normal conditions.
Yes it does. Mozilla know this and have an entire team of people [internetnews.com] addressing Firefox 4 memory usage issues. They're looking at 18 P1 bugs [mozilla.org], 84 total.
My Firefox has 1.3GB mapped, but is only using 300MB right now (according to the very useful about:memory)... that's a serious fragmentation problem, because as far as my operating system is concerned, that's a 1.3GB program, not a 300MB program.
Re: (Score:2)
Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.
Doesn't mean that it doesn't happen, but it's usually not Firefox; it usually ends up being a plug-in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500MB.
Then tell me which extension it is. Just a simple task manager, then I'll know who to blame.
Re: (Score:2)
I think you missed the OP's joke...
http://en.wikipedia.org/wiki/Bugchasing [wikipedia.org]
Real bugs (Score:2)
Ok, so even though I'm a programmer, when I started reading the article, I was really thinking this was about a vermin hunter, someone who rids people's houses of infestations of insects or something like that... Am I the only one?
OSS promises (Score:2)
It is very sad that money needs to be involved, but we don't live in the same OMG ponies world RMS lives in; it died in the 80s after our pot-smoking parents changed their minds about the value of money. Nowadays, you see leeches of the system making money with all sorts of repulsive business models, ... so it is a good thing that security researchers get rewarded and that students with too much time invest it
Lite? (Score:4, Insightful)
From the article:
"When we started out it was $1337 which if you write it down spells out 'lite' which is hacker speak for elite. Since then we've increased the top prize to 3133.70 which spells 'elite,'" explained Rukowski.
Seriously? 1337 spells "lite"? Are the authors of this article really that clueless and have that little competent review of their material? 1337 spells "leet" which sounds like "elite" if you don't really pronounce the first letter. Isn't this explained in "Hackers" or some other pop culture movie?
Re: (Score:1)
For a brief moment, I had the fancy of thinking entomologists were traveling the Amazon, making new discoveries for large amounts of money. That's pretty l337. I'm going to go back and read xkcd now.
spec work (Score:1)
Re: (Score:2)
better that they be working towards some kind of good than that they, for example, be trying to exploit existing bugs or looking for new bugs to exploit...
more outstanding work from the bbc tech idiot team (Score:1)
honestly their research knows no bounds