A new breed of startups is helping hackers make millions — legally. The bug bounty business is booming.
By Ben Popper on March 4, 2015 09:12 am
Shashank Kumar was in seventh grade when he was introduced to computer hacking. At first he had fun breaking in and defacing web sites, something he says he now regrets, but then he learned that he can get paid for reporting the weaknesses he was exploiting. Under the handle @cyberboyIndia, he says he has earned around $30,000 in so called bug bounties, enough to pay for a good portion of his college education.
These days the 19-year-old is supposed to be cramming for his final exams as he prepares for a degree in engineering. But many nights he finds himself awake too late, laptop humming away, hunting for software vulnerabilities on services run by firms like Yahoo, Paypal, and AT&T. On Twitter, Shashank catalogs the rewards he receives for reporting weaknesses, a highlight reel that ranges from a free hat, to a new smartphone, to a $1,500 check. The money is good, although it’s murder on his grades.