With the evolution of the internet, we need people who can identify errors or vulnerabilities in a website, computer or system. The reward given to a person for identifying them is known as a bug bounty. Over these 4 decades, the bug bounty industry has grown, and it continues to grow at a rapid pace.
Bug bounty hunters earn enough by hacking into systems or websites and identifying specific errors or vulnerabilities ethically and responsibly. In return they are rewarded in different forms, and the reward varies across platforms and vulnerabilities based on severity. A few bug bounty hunters have started mentoring upcoming talent, and they use various platforms to promote themselves and attract students. Of these, a few manipulate screenshots of their rewards, which misguides students. A fake bug bounty hunter edits the actual reward to show a much higher, false value. For example, if a bug hunter receives a reward of $100 for a subdomain takeover, they increase it to $10,000 and change the name of the vulnerability to account takeover. Students are misled into thinking that the bug hunter earned a bounty of $10,000; they believe the fake screenshot is authentic, are fascinated by it and keep sharing it. This is an unethical practice used by the bug bounty hunter to gain fame and attract more students.
Upcoming students feel that someone at a good level can help them reach that level too, but the truth is different and they get misguided. Bug bounty hunting is supposed to be ethical and should be done to make the internet a safer place for users. Students should be aware and should check the authenticity of any screenshots shared on unverified platforms.
By: Kartik Khurana
(Pursuing B.E, AIT, Bengaluru)
Really informative and well-researched blog.
It should be taught in university classes.
I second that!
Indeed, over the years the bug bounty programs have grown exponentially, but exactly as stated above, it must never be used for unethical purposes.
Bug bounty programs/hunting can be considered as a way forward for identifying the cyber criminals and threats. In my opinion, this technique must be exponentially known to all the citizens in order to understand the relief which they can get if they are stuck in this cyber trap. A committee must be organized for the same purpose so that the disadvantage of this mechanism will not occur and will take place smoothly.
It is very important for students to research intensely on the topic if they really find the job interesting. This blog certainly paves the way ahead towards informing them.
The bug bounty is rapidly increasing and it can be either fake or good. We as students should be aware of the information being shared and check the authenticity of every screenshot available. Very nicely written.
Bug bounty benefits both companies and individuals. But some people edit their bounty to get more fame because they have to showcase their skill.