A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016

A little over a year ago, we looked at how well bug hunting can pay. The tale of an Argentinian teenager now shows that sleuthing for security holes in code can be a lucrative pursuit.

Santiago Lopez, a 19-year-old from Buenos Aires, has become the first person to earn over US$1 million in rewards on the leading bug bounty platform provider HackerOne.

“I am incredibly proud to see that my work is recognized and valued. Not just for the money, but because this achievement represents the information of companies and people being more secure than they were before, and that is incredible,” says Lopez.

He adds that he’s “completely self-taught” and only took up the trade and joined HackerOne in 2015. It wasn’t until the following year when the teen, working under the alias ‘try_to_hack’, earned his first payout – US$50 for a software flaw that could lead to Cross-Site Request Forgery (CSRF) attacks.

And try he did, having since hunted down more than 1,670 code vulnerabilities in services from companies such as Verizon, Twitter and WordPress. This includes a flaw that could enable Server Side Request Forgery (SSRF) attacks, netting Lopez his single biggest cash reward – US$9,000.

What was at first an after-school effort has evolved into a job that takes up 6-7 hours of the teen’s time a day and that pays far more than the job of a typical software engineer in Buenos Aires.

“What interests me the most when looking for bugs is finding as many bugs as I can in a short period of time and trying to earn good bounty rewards for them. I know they say quality before quantity, but quantity is what I like,” he is quoted as saying.

Days after reaching the landmark figure, Lopez was joined in the million-dollar bug bounty club by Mark Litchfield, a well-known name in the industry. Indeed, Litchfield had a bit of a head start on Lopez, having pulled in US$500,000 in rewards back in 2016.

A bountiful year

Beyond announcing Lopez’s feat, HackerOne has also released its 2019 Hacker Report. The platform, which acts as a kind of middleman between companies and white hats, notes that white hats earned more than US$19 million in bounties in 2018 alone, which is almost equivalent to the US$24 million made by HackerOne members in the preceding five years.

Indeed, ever more and more people join the community. The number of HackerOne members has topped 300,000, which is nearly double the number a year ago. Bounty hunters from the United States and India account for almost one-third of the membership.

Nine out of 10 HackerOne members are younger than 35, with nearly one in two being 18-24 years old. Just like Lopez, most (81 percent) are self-taught, while only 6 percent have completed a formal class or certification on hacking.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!