Are bug bounty programs a meme? Can you actually make money off this shit? Any experiences?


How hard do you think it is to get to that level? I've built some foundation, studying on Cybrary Network+, CompTIA A+, Security+, Linux+ and currently reading TCP/IP Illustrated. I need to study Web app stuff, right?

if you're a good hacker you're making actual hacks for money. These "hackers" earn next to nothing with the cheap bounties companies offer.

if you're a good hacker you would fix the double post bug here as your first bounty

Bug bounties are a complete meme. Most of the bounties go to the same handful of people who already do this professionally in some other way; you are basically competing with a bunch of teenagers for peanuts.

This. Even if you had zero-days the spooks pay MUCH better.

Any "hacker" earning their money doing bug bounties is a skid that knows few tricks here and there and never amounts to anything.
They think it is a valuable experience that might land them a job but they're deluding themselves into literal shit digging work.

But what if you were doing them not for the money, but to piss the spooks off by fixing zerodays in software they like to hack?

Not really. Learn how to actually work on malware, reverse engineer it, and detect it (a/v and traffic signatures). You'll make way more money doing it and you won't just be a skid.

They're memes. If you contribute to an open source project anyway, you can earn beer money doing random companies' specific feature requests, but it's not a way to support yourself.

Yes they are a meme. It's 100% marketing. "Look bruh discord has a bug bounty, it must be better than conject0r, even though it crashes every 5 seconds". Bug bounties don't and never have made software any more secure. The software industry is a joke and as an obvious corollary, so is the security of all software.
Oh you're one of those people.

genius. is there a way to collect bug bounties anonymously?


from a software engineering standpoint it's a meme, but that's something you won't understand. also whatever news article you link to may or may not just be marketing/hype


sounds very meme to me. why is it always some kid that does these instead of people that call themselves "professionals" and do that shit as their job

i dunno about the "whitehat community" but everyone i know who's actually good at hacking became millionaires 10 years ago and wouldn't waste their time with this shit. point is, software industry is shit

to get young retards into the field to flood the market and suppress wage costs

HackerOne and Bugcrowd are decent. I know some people pull bounties from those programs on the regular.

Things you will need to know for real hacking. Look this shit up on YouTube.
Assembly programming
Exploit development

That or learn relational database applications development then learn SQL injection and things like that for Web applications penetration testing.

True blackhats can make more money in a given circumstance. That and something like 95% of moralfags are leftists. Fuck the security industry. But if a guy wants to make some cash on bug bounties whatever. I'm over it.

This is absolutely true. Doing tech work on prospect is not recommended. Most people will make up some reason they are not going to pay you.

This is categorically false. Finding and fixing bugs makes software more secure. Hackers finding security holes and responsibly reporting them to developers helps developers tremendously.

True, there are some success stories.

Also true. Nearly everything in the security industry is a scam. Best bet just write hack tools and put them on GitHub to build a portfolio in hopes of getting offered a real job. That or just hack because you love it.

You would be better off and make more by catching actual bugs OP. Media has a successor bias reporting the only 2 or 3 over successful cases when the average success is very low and an average bug catcher actually makes the double of an average bug bounty hunter. Don't treat it as anything more than a part time job.

This is categorically false. Finding and fixing bugs makes software more secure.
No it fucking doesn't, and since you list "Egghunting" as if it's some fundamental wisdom you come off as yet another skidd0. Fixing one vuln someone finds makes the software slightly better at best, does fuck all to change the attitude of the "software engineers", and gets you and the vendor some PR.
No it doesn't. It's literally just a market.









