Want to get rich from bug bounties? You're better off exterminating roaches for a living

posted on January 15, 2019
by l33tdawg
Credit: The Register

Security researchers looking to earn a living as bug bounty hunters would do better to pursue actual insects.

Using data from bug bounty biz HackerOne, security shop Trail of Bits observes that the top one per cent of bug hunters found on average 0.87 bugs per month, resulting in bounty earnings equivalent to an average yearly salary of $34,255 (£26,500). That's a bit less than the median wage for a pest control worker in, say, Mississippi, according to the US Bureau of Labor Statistics. It's also lower than the average UK salary of £27,000. And these are the top cyber exterminators, who bring in the big bucks. Newbies make considerably less.

Citing MIT Press' New Solutions for Cybersecurity, Trail of Bits argues that bug bounty programs appeal mainly to developers in labor markets where wages are significantly lower than in the US, or students learning cybersecurity. Surprisingly enough, the biz suggests that other options, like hiring security consultants and penetration testers (which, surprise surprise, is Trail of Bits' own business), may make more sense for companies than a bug bounty program.
