Bug bounties

 Eusebiu Blindu

Again, like in the last period, on my blog, at conferences, etc., I try to tell testers about security bug bounties. Now, for tips, you can start, for example, with my presentation in Prague, just to get an idea:

I think this is very good for testers that are dissatisfied at a job and never see something good related to income, tasks and different perks. It’s intended for those that are not using their full potential at work and have the feeling nothing will become better.

Instead of switching from job to job I have this option: security bug bounties. I don’t even have a full year as a serious bug hunter, but I am close to

millions USD in rewards. True, I got some nice intervals when some bug bounty programs didn’t have that much competition, the companies were trying to promote themselves and they were more «loose» in giving validations. But it’s still something interesting for people out there.

Compared to a normal tester job, this is better at any level. No stupid bosses, racism backdraws, bad interactions etc. You work from home and, if you don’t lie to yourself, you know that this is the best way to work. Things are not always constant, you will have «bad months», but you need to organise and be responsible. And when you get «good months», it can be the equivalent of what you could have normally won in one year.

Security should not be some term that scares testers. After all, every tester does a little bit of security anyway. And it’s just like another set of skills, close and related to functional testing. You need to learn a lot with every new project anyway, so consider security just a new project.

I am fully for security testing, normal job experience is overrated and you will not get more money if you had «4 years» of that type of testing anyway. Actually I am not good at security, but I try to be good at security bug bounties which, sounds crazy, has little to do with security in my opinion.

It’s best for people who are not very happy at a company where they are not respected, can’t get promoted for various reasons, but CAN take some minimum risks.

Good luck!

For more information:
Eusebiu Blindu.
