Monday, 30 March 2015

Indian Student Pays Training With Bug Reports


The search for vulnerabilities in applications, web applications and other software for many researchers now become a lucrative business, with an Indian student pays even trained with. Shashank Kumar, known on Twitter as cyberboyIndia would now have about $ 30,000 in bug reports are earned. Thus he was able to pay most of his training, so he lets opposite The Verge know.

Despite the revenue say many researchers working on so-called "bug bounty" join programs that they are not full-time to look for vulnerabilities, but rather a part-time job or a way to generate additional income. Earnings that are higher on the black market. Nevertheless, most hackers would choose an official reward program, says Alex Rice, former security chief on Facebook and now CTO of HackerOne.

"In order to sell something on the black market you should make one weapon. That could take months," said Rice. Most hackers do have the skills, according to him, but no bad intentions. Yet it also happens that hackers find that they did not have enough money or that bugs are not resolved quickly enough. Often these hackers then decide to reveal the problem yet, what a PR nightmare for businesses can be said Gus Anagnos of SYNACK.

That can ensure that companies in each bug melding overreact. "As an organization wasting a gun to his head, the start time to vulnerabilities that are not very important," Anagnos notes. There are also now several platforms launched where companies can join. The platform receives the entries and make the selection and communication, so the company only receives structured bug reports, so that can be solved earlier.

No comments:

Post a Comment