Bounty hunting is still a popular business, according to a recent report, with the vast majority of ethical hackers wanting to do more.
According to a survey, 96 percent of respondents wanted to spend more time bounty hunting, with two-thirds considering it a full-time job. The biggest draw, according to nearly half of those polled, is the money, followed by the ability to work anywhere in the world, the ability to work alone, and the opportunity to outwit malicious hackers.
Currently, more than half of bug bounty hunters work full-time elsewhere, and roughly one-third are students. However, more than one in every five people receive more than a quarter of their total income from bounty payouts.
There’s also a new invite-only bug bounty program for the French government’s identity authentication application, France Identité, which was launched earlier this year to supplement the country’s new electronic identity cards.
Finally, Google has recently been generous, paying out more than $300,000 for reports on various flaws in Google Cloud Platform (GCP) last year.
Several new bug bounty programs have been launched in the last month. Here is a list of the most recent entries:
Animal Friends
Program provider: Independent
Program type: Public
Max reward: £400 ($480)
Outline:
UK pet insurance company Animal Friends has launched a public bug bounty program that’s focused on securing its corporate website, customer portal, vet portal, and sales platform.
Notes:
Discussing the new program, the insurance provider said: “No system is ever perfect, and therefore Animal Friends believes that working with skilled security researchers around the world is crucial to identify and fix any weaknesses.”
Check out the Animal Friends bug bounty page for more details.
ClickHouse
Program provider: Bugcrowd
Program type: Public
Max reward: $2,500
Outline:
ClickHouse is an open source, column-oriented OLAP database management system that allows users to generate analytical reports using SQL queries in real time.
Notes:
The main focus of the public program is the open source version of the ClickHouse platform.
Check out the ClickHouse bug bounty page at Bugcrowd for more details.
France Identité
Program provider: YesWeHack
Program type: Private
Max reward: Undisclosed
Outline:
The French government has launched an invite-only bug bounty program for its newly launched identity authentication application, ‘France Identité’.
Notes:
Hosted by Paris-based ethical hacking platform YesWeHack, the program will eventually be opened up to all security researchers and then run for the mobile app’s lifetime.
MetaMask
Program provider: HackerOne
Program type: Public
Max reward: $50,000
Outline:
MetaMask, one of the most widely used wallets for interacting with distributed applications, has launched a bug bounty program offering rewards of up to $50,000 for critical vulnerabilities.
Notes:
MetaMask is particularly seeking reports demonstrating how an attacker could extract the secret recovery phrase or a private key from a wallet, or make a user’s wallet behave in “unexpected ways”.
Check out the MetaMask bug bounty page at HackerOne for more details.
Opera
Program provider: Independent
Program type: Private
Max reward: Undisclosed
Outline:
The developers behind the Opera web browser have launched a private bug bounty program to accompany the existing public program that’s housed on the Bugcrowd platform.
Notes:
There are currently few details relating to this private program, although anyone expressing an interest must already have a Bugcrowd ID.
Check out Opera’s private bug bounty page for more details.
Phemex
Program provider: Bugcrowd
Program type: Public
Max reward: $2,500
Outline:
Cryptocurrency trading platform Phemex has partnered with Bugcrowd to launch a bug bounty program.
Notes:
Researchers have been tasked with finding bugs in the Phemex website and mobile apps. Cross-site scripting (XSS) and denial-of-service (DoS) exploits are out of scope.
Check out the Phemex bug bounty page at Bugcrowd for more details.