Bug bounty participants can earn up to R$120,000 in less than a year

Every year companies are increasingly interested in finding solutions to defend themselves from cyber attacks. Recently, one of the alternatives most requested by companies is bug bonusIt is a bug bounty program that brings together companies and programming experts. These professionals, who play a key role in ensuring data privacy and information security, can earn up to R$120,000 in bonuses in less than a year, BugHunt estimates, first. bug bonus Brazil.

This estimate is found in the first national information security survey BugHunt, conducted by the startup in 2021, which also concluded that 29% of Brazilian companies are already investing in bug bonusWhile 34% intend to do so in the near future. These expectations are accompanied by data on how companies are investing more in homeland security programs with their employees, which according to a BugHunt survey, was a measure taken by 79.3% of organizations last year.

The search for digital security, whether by rewarding bugs or by other means, is increasing in companies. (Photo: Playback / BugHunt)

However, the reasons for this increased demand for security by companies are diverse. According to the BugHunt study, 53.4% ​​of them started investing more to prevent cyberattacks, 50% to adapt to GDPR and 15.5% to adapt after feeling what it means to suffer a virtual scam – with phishing being the most common threat. affected companies.

Requirements to participate in bug bonus

Participants from bug bonus Responsible for identifying weaknesses in corporate systems and operations. Professionals discover these weaknesses in companies from various sectors, especially technology companies – such as E-Commercecryptocurrency platforms, marketsBanks, healthcare start-ups, news portals, the beverage industry, telephone companies, and logistics.

Because of this performance, the bug bonus It is becoming an option that companies are increasingly seeking to improve their digital protection, with the result that professionals become interested in the requirements for active participation in these processes. For BugHunt CEO Caio Telles, the first step is the versatility of working on different programming fronts: “The main challenge for professionals is to update their knowledge and be able to identify weaknesses that others have not yet identified. For this, it is very important to pay attention to the calls of the program, to find flaws before others,” he explains.

Detecting bug bounty flaws can prevent security issues in corporate systems in the future. (Photo: Disclosure/Elchinator/Pixabay)

Another important competency for the participants bug bonus She is knowledgeable about the operation of various technologies – such as http / https protocols, programming, databases and networking, in addition to being very curious. “It is not enough to have creativity, it is necessary to learn more about the topic and study about it. Thus, sharing information with two other birds in the community is also necessary,” explains Telles.

The ability to summarize failure reports is also important, as participants in bug bonus It should provide event organizers with clear performance vulnerabilities surveys that allow testing by third parties, in order to reinforce the validity of the problem found. Additionally, always looking for the least common paths that can lead to error is also important and serves as a differential in identifying these situations.

Ultimately, it takes training, but the good news, according to Telles, is that more and more organizations are adopting these programs, opening up more opportunities for participants to learn about the activity. “Fortunately, the industry is evolving and companies are increasingly adopting bug bounty programs, as they have come to the conclusion that security can no longer be guaranteed by traditional solutions alone. In other words, it is necessary to increase security maturity. Even in this context, it is a growing market for “hackers” The good, “especially because it is a democratic environment, after all, even those who are not IT experts can enter the environment,” concludes the CEO.

Source: We live with security

Leave a Comment