Skip to content

Can You Make Any Money from Bug Bounties?


Hacking has evolved. No longer does hacking only encompass the nefarious activities of a bored teenager or a Russian spy. People are hacking for good, or ethical hacking, now. An entire field has developed around ethical hacking — penetration testing or pentesting — which involves hackers being paid to test a company’s cybersecurity defenses.

Getting a full-time job as a pentester isn’t easy, nor do many companies have the resources to hire one. The solution? Bug bounties. Bug bounty hunting works a lot like regular bounty hunting, but the targets are software vulnerabilities instead of bail-jumpers. Over the past several years, bug bounties have become popular. They’ve also made some ethical hackers rich.

How exactly do bug bounties work and can you make any decent money from them?

How do bug bounties work?

When a company wants to test the security of their software or other digital assets, they can set up a bug bounty program. The company asks ethical hackers or security researchers to try and hack into their systems, looking for any gaps or vulnerabilities. In return for finding and submitting a vulnerability, the company rewards the bug bounty hunter either monetarily or with free products, recognition, or some other prize.

Bug bounty programs can be either internal or crowd-sourced. Companies can host their own program, where they recruit security researchers to test their software. With a crowd-sourced bug bounty, a company posts their bounty on a platform, such as HackerOne, where members of the platform can attempt it.

Why bug bounties are useful

Bug bounty programs and platforms have become popular because they allow white-hat hackers and pentesters to improve their skills and get paid for it. Even if a bug bounty hunter doesn’t succeed at finding a vulnerability, they’ve still gained valuable experience that they can later apply to their job search in cybersecurity.

Bug bounties benefit companies as well because they identify security issues that in-house teams might not catch. And the more people who vet software or digital assets, the more secure they will be.

Where to find bug bounties

You can search for bug bounty programs hosted by companies or join a platform for crowd-sourced bug bounties. Joining a platform is probably the easiest way to find bug bounties, as they’ve already been searched out and vetted. Some platforms also host bug bounty programs, where security researchers submit results and are paid through the platform.

The most popular bug bounty platforms currently are:

  • HackerOne
  • Bugcrowd
  • SafeHats
  • Cobalt
  • SynAck

With some platforms, you have to apply and demonstrate your expertise before you’re accepted. Others award you points for submitting vulnerability reports, and you convert the points into cash payouts.

Are there any successful bug bounty hunters?

The big question is: how lucrative is bug bounty hunting? There are successful bug bounty hunters, according to HackerOne. On the HackerOne platform alone, the number of resolved vulnerabilities doubled between 2019 and 2020, and $44.75 million in bounties has been awarded to hackers across the globe. At least nine individuals have made $1 million or more on the platform since its founding. The average bounty paid for critical vulnerabilities reached $3,650 in 2020.

So yes, you can make money from bounty hunting, but it may not become your new full-time job right away. Also, as it’s become more popular, bug bounty hunting has become more difficult. The more people find vulnerabilities in large companies, the fewer vulnerabilities there are left. Only the most difficult bugs, which require more advanced skills to crack, will be available. Even so, working on bug bounties may not give you the financial payout you’re looking for, but it definitely gives you a chance to work on important job skills for the cyber security sector.

Making it as a bug bounty hunter

To be a successful bug bounty hunter, you need more than just hacking skills. You also need organizational skills, and should be prepared to teach yourself what you need to know. Many bug hunters started out with only basic knowledge and worked their way up to full-time bug bounty hunting. Participating in the ethical hacking community is also part of a bug bounty hunter’s success. Collaboration, both assisting others and receiving help, is fundamental to being a bug hunter.

If you’re excited by hacking, want to improve your skills, and don’t mind earning some money in the process, then participating in bug bounties is a great use of your time.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
  • Uncategorized

Webcam Spies: Why You Should Cover Your Laptop Camera ASAP

If you’re worried about webcam spies or cyber hackers obtaining your most confidential information, your paranoia is…

[Read More]

Staying Safe While Traveling Internationally

Traveling internationally can be an incredible experience or a long-lasting nightmare. Asher Fergusson has tips to keep…

[Read More]

What Exactly is Freedom of Speech on the Internet?

Friendly Reminder: This article discusses legal terminology, but should in no way be considered legal advice.   America…

[Read More]

What Happens to Your Online Accounts When You Die? Tips to Protect Your Digital Legacy

So much of our lives are online. But what happens to all of our social media and…

[Read More]

7 Things to Do Before You Get Rid of Your Android Phone

Phones are a major part of our lives. New devices can cost over a thousand dollars so…

[Read More]

The New Privacy Features of Google Chrome 92

As the most popular web browser in the world, Google Chrome needs to keep up its security…

[Read More]