Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter Ethical hacking to find security flaws appears to pay better, albeit less regularly, than general software engineering. And while payment remains one of the top rationales for breaking code, hackers have begun citing more civic-minded reasons for their activities. A survey of 1,700 bug bounty hunters from more than 195 …
The thing is that the companies get pentested before going on hackerone etc so the stuff to find is already fairly difficult, after that as soon as a new company is up they're bombarded by some very very good pentesters. A more interesting study would be the median bounty awarded per active user which i suspect would tell a different story...
HackerOne claim to have 100K researchers... I went back and checked my 'empty' signup profile when I signed up in 2014... I was ranked 5000 and something... this also means that there are very few active researchers... if I can get into the top 5% without submitting a single vulnerability. :)
Personally I'd be bored shitless if I swapped building things for bug bounties so 2.7 times salary seems like a bad trade.
Also "The top earning hackers on HackerOne have earned more than the average salary of software engineers in their respective countries" makes me suspicious. How much does the average hacker earn compared to an average software engineer?
Agreed, my experience is the skills of a 'median' developer are rather mediocre and are unlikely generally to be able to find any bugs eligible for bug bounties. On the other hand the median skills of a bug bounty hunter who has successfully managed to claim at least one bug bounty (let alone be able to make a living out of it) are likely to be at least 2.7 times better, if not more...
https://regmedia.co.uk/2018/01/17/space_bounty_hunter.jpg
that's Boba Fett from Star Wars:The New Republic Anthology not from Firefly
https://www.youtube.com/watch?v=dzP9gY1GZVw
There are some rumours that a Star Wars film centred on Boba Fett will come out around 2020-ish.
@ElReg: your image was an obvious troll for Star Wars fans... let's call it an article bug :)
"A survey of 1,700 bug bounty hunters from more than 195 countries"
The US State department only identifies 195 total states in the world: https://www.state.gov/s/inr/rls/4250.htm So it is not possible to have bounty hunters in "more than" 195 states.
When I see inflated statistics like that, it makes the rest of the data presented questionable.
I remember the Austrian Children's television asking themselves that question back in the 1980s and they got widely divergent numbers depending who they asked.
For example back then the Vatican didn't have it's own country code, so for the postal company it wasn't its own country.
The US median (not average) is indeed $80k. It's not as ridiculous as you insinuate, because the cost of living varies wildly in different parts of the nation. In some parts, you can live like a king on $80k, and you'll be in the top 5% of earners. In others, $80k means you're poor and likely living in a rundown shack.
I'm guessing that you happen to be located in an area with a relatively high cost of living, where $80k isn't a ton of money.
I came across a numpty on the Intertubes YESTERDAY who was running NT4 Terminal Server, you know, the OS that has dozens of remote exec vulns unpatched ... Terminal Server, so networked ... you can write the best, most secure code .... as long as we have numpties like that around, it is pointless ... We need to clean up the industry.
Corporate fallacy, clients, pink unicorns, whatever your excuse, running EOL software is no longer an option and NO, I do not care what other excuse you can come up with, IT IS NOT AN F'ING OPTION! If your company accepts that, heads MUST FALL or your company will make headlines, sooner or later, and THAT won't be pretty!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
