
Life As a Bug Hunter

samzenpus posted more than 2 years ago | from the bug-bounty dept.


An anonymous reader writes "Bug Hunter Aaron Portnoy claims to have earned $60K in 3 months as a bug hunter when he was 19 years old. Pretty impressive. Tighter company budgets and increased pressure to get a product ready by its release date means code isn't checked so thoroughly and bug frequency rises. From the article: 'Mozilla — makers of the Firefox web browser — were first to start a bug bounty programme in 2004. Their top prize is currently $3,000 (£1,800) and they have paid out about $40,000 (£25,000) per year since then. Their top earner is a student in Germany who has bagged more than $30,000 (£18,000) from a series of discoveries.'"



I do the opposite (5, Funny)

Anonymous Coward | more than 2 years ago | (#36492962)

I make a decent amount producing new bugs.

Re:I do the opposite (0)

Anonymous Coward | more than 2 years ago | (#36494270)

Pah. You'll never top these guys [southerncricket.com], who have been at it for over 50 years.

Payment to coders? (1)

statusbar (314703) | more than 2 years ago | (#36492968)

Do they pay the coders this much too? or are the code submissions all donated?

Re:Payment to coders? (2)

vlm (69642) | more than 2 years ago | (#36493066)

Do they pay the coders this much too? or are the code submissions all donated?

They could:

1) coder will submit a javascript parser provided by me in an envelope containing both half the cash bounty and a buffer overflow
2) ....
3) Profit!

Re:Payment to coders? (1)

TheCycoONE (913189) | more than 2 years ago | (#36493274)

Reminds me of something... http://thedailywtf.com/Comments/The-Defect-Black-Market.aspx [thedailywtf.com]

Re:Payment to coders? (1)

AvitarX (172628) | more than 2 years ago | (#36493310)

Honestly, it sounds like the company made back its money, and cancelled in time.

I mean, it was only a week, and only 2 days of abuse. The first three days appeared to pay off, and things were better in the code-base going forward.

Re:Payment to coders? (0)

Anonymous Coward | more than 2 years ago | (#36494252)

Eat shit, hacker. What the fuck is going on?

Re:Payment to coders? (1)

ninetyninebottles (2174630) | more than 2 years ago | (#36493306)

Do they pay the coders this much too? or are the code submissions all donated?

Coders are paid by Mozilla if they are employees. Coders are paid by other companies or organizations to code for Firefox, as necessary to meet that employer's needs. I could certainly see Mozilla offering a bounty for coding a specific feature, but this is usually called a contract and is exclusive to one or one group of reputable, vetted coders. The only reason they are offering money for exploits is because they don't know what, exactly, needs to be done and because the community hasn't jumped on the issue and put time/money into it (or because others are offering money for them to not contribute work and sell the exploits on the black market). I'm sure, however, if you start paying coders to not donate code to Mozilla, they will respond by countering (or suing your ass).

With enough eyeballs, all bugs are shallow (-1, Troll)

Anonymous Coward | more than 2 years ago | (#36492974)

It has come to my attention that the entire Linux community is a hotbed of so called 'alternative sexuality', which includes anything from hedonistic orgies to homosexuality to paedophilia.

What better way of demonstrating this than by looking at the hidden messages contained within the names of some of Linux's most outspoken advocates:

  • Linus Torvalds [microsoft.com] is an anagram of slit anus or VD 'L,' clearly referring to himself by the first initial.
  • Richard M. Stallman [archive.org], spokespervert for the Gaysex's Not Unusual 'movement' is an anagram of mans cram thrill ad.
  • Alan Cox [microsoft.com] is barely an anagram of anal cox which is just so filthy and unchristian it unnerves me.

I'm sure that Eric S. Raymond, composer of the satanic homosexual [goatse.fr] propaganda diatribe The Cathedral and the Bizarre, is probably an anagram of something queer, but we don't need to look that far as we know he's always shoving a gun up some poor little boy's rectum. Update: Eric S. Raymond is actually an anagram for secondary rim and cord in my arse. It just goes to show you that he is indeed queer.

Update the Second: It is also documented that Evil Sicko Gaymond is responsible for a nauseating piece of code called Fetchmail [microsoft.com], which is obviously sinister sodomite slang for 'Felch Male' -- a disgusting practise. For those not in the know, 'felching' is the act performed by two perverts wherein one sucks their own post-coital ejaculate out of the other's rectum. In fact, it appears that the dirty Linux faggots set out to undermine the good Republican institution of e-mail, turning it into 'e-male.'

As far as Richard 'Master' Stallman goes, that filthy fudge-packer was actually quoted [salon.com] on leftist commie propaganda site Salon.com as saying the following: 'I've been resistant to the pressure to conform in any circumstance,' he says. 'It's about being able to question conventional wisdom,' he asserts. 'I believe in love, but not monogamy,' he says plainly.

And this isn't a made up troll bullshit either! He actually stated this tripe, which makes it obvious that he is trying to politely say that he's a flaming homo [comp-u-geek.net] slut [rotten.com]!

Speaking about 'flaming,' who better to point out as a filthy chutney ferret than Slashdot's very own self-confessed pederast Jon Katz. Although an obvious deviant anagram cannot be found from his name, he has already confessed, nay boasted of the homosexual [goatse.fr] perversion of corrupting the innocence of young children [slashdot.org]. To quote from the article linked:

'I've got a rare kidney disease,' I told her. 'I have to go to the bathroom a lot. You can come with me if you want, but it takes a while. Is that okay with you? Do you want a note from my doctor?'

Is this why you were touching your penis [rotten.com] in the cinema, Jon? And letting the other boys touch it too?

We should also point out that Jon Katz refers to himself as 'Slashdot's resident Gasbag.' Is there any more doubt? For those fortunate few who aren't aware of the list of homosexual [goatse.fr] terminology found inside the Linux 'Sauce Code,' a 'Gasbag' is a pervert who gains sexual gratification from having a thin straw inserted into his urethra (or to use the common parlance, 'piss-pipe'), then his homosexual [goatse.fr] lover blows firmly down the straw to inflate his scrotum. This is, of course, when he's not busy violating the dignity and copyright of posters to Slashdot by gathering together their postings and publishing them en masse to further his twisted and manipulative journalistic agenda.

Sick, disgusting antichristian perverts, the lot of them.

In addition, many of the Linux distributions (a 'distribution' is the most common way to spread the faggots' wares) are run by faggot groups. The Slackware [redhat.com] distro is named after the 'Slack-wear' fags wear to allow easy access to the anus for sexual purposes. Furthermore, Slackware is a close anagram of claw arse, a reference to the homosexual [goatse.fr] practise of anal fisting. The Mandrake [slackware.com] product is run by a group of French faggot satanists, and is named after the faggot nickname for the vibrator. It was also chosen because it is an anagram for dark amen and ram naked, which is what they do.

Another 'distro,' (abbrieviated as such because it sounds a bit like 'Disco,' which is where homosexuals [goatse.fr] preyed on young boys in the 1970s), is Debian, [mandrake.com] an anagram of in a bed, which could be considered innocent enough (after all, a bed is both where we sleep and pray), until we realise what other names Debian uses to describe their foul wares. 'Woody' is obvious enough, being a term for the erect male penis [rotten.com], glistening with pre-cum. But far sicker is the phrase 'Frozen Potato' that they use. This filthy term, again found in the secret homosexual [goatse.fr] 'Sauce Code,' refers to the solo homosexual [goatse.fr] practice of defecating into a clear polythene bag, shaping the turd into a crude approximation of the male phallus, then leaving it in the freezer overnight until it becomes solid. The practitioner then proceeds to push the frozen 'potato' up his own rectum, squeezing it in and out until his tight young balls erupt in a screaming orgasm.

And Red Hat [debian.org] is secret homo [comp-u-geek.net] slang for the tip of a penis [rotten.com] that is soaked in blood from a freshly violated underage ringpiece.

The fags have even invented special tools to aid their faggotry! For example, the 'supermount' tool was devised to allow deeper penetration, which is good for fags because it gives more pressure on the prostate gland. 'Automount' is used, on the other hand, because Linux users are all fat and gay, and need to mount each other [comp-u-geek.net] automatically.

The depths of their depravity can be seen in their use of 'mount points.' These are, plainly speaking, the different points of penetration. The main one is obviously/anus, but there are others. Militant fags even say 'there is no/opt mount point' because for these dirty perverts faggotry is not optional but a way of life.

More evidence is in the fact that Linux users say how much they love `man`, even going so far as to say that all new Linux users (who are in fact just innocent heterosexuals indoctrinated by the gay propaganda) should try out `man`. In no other system do users boast of their frequent recourse to a man.

Other areas of the system also show Linux's inherent gayness. For example, people are often told of the 'FAQ,' but how many innocent heterosexual Windows [amiga.com] users know what this actually means. The answer is shocking: Faggot Anal Quest: the voyage of discovery for newly converted fags!

Even the title 'Slashdot [geekizoid.com]' originally referred to a homosexual [goatse.fr] practice. Slashdot [kuro5hin.org] of course refers to the popular gay practice of blood-letting. The Slashbots, of course are those super-zealous homosexuals [goatse.fr] who take this perversion to its extreme by ripping open their anuses, as seen on the site most popular with Slashdot users, the depraved work of Satan, http://www.eff.org/ [eff.org].

The editors of Slashdot [slashduh.org] also have homosexual [goatse.fr] names: 'Hemos' is obvious in itself, being one vowel away from 'Homos.' But even more sickening is 'Commander Taco' which sounds a bit like 'Commode in Taco,' filthy gay slang for a pair of spreadeagled buttocks that are caked with excrement [pboy.com]. (The best form of lubrication, they insist.) Sometimes, these 'Taco Commodes' have special 'Salsa Sauce' (blood from a ruptured rectum) and 'Cheese' (rancid flakes of penis [rotten.com] discharge) toppings. And to make it even worse, Slashdot [notslashdot.org] runs on Apache!

The Apache [microsoft.com] server, whose use among fags is as prevalent as AIDS, is named after homosexual [goatse.fr] activity -- as everyone knows, popular faggot band, the Village People, featured an Apache Indian, and it is for him that this gay program is named.

And that's not forgetting the use of patches in the Linux fag world -- patches are used to make the anus accessible for repeated anal sex even after its rupture by a session of fisting.

To summarise: Linux is gay. 'Slash -- Dot' is the graphical description of the space between a young boy's scrotum and anus. And BeOS [apple.com] is for hermaphrodites and disabled 'stumpers.'


What worries me is how much you know about what gay people do. I'm scared I actually read this whole thing. I think this post is a good example of the negative effects of Internet usage on people. This person obviously has no social life anymore and had to result to writing something as stupid as this. And actually take the time to do it too. Although... I think it was satire.. blah.. it's early. -- Anonymous Coward, Slashdot

Well, the only reason I know all about this is because I had the misfortune to read the Linux 'Sauce code' once. Although publicised as the computer code needed to get Linux up and running on a computer (and haven't you always been worried about the phrase 'Monolithic Kernel'?), this foul document is actually a detailed and graphic description of every conceivable degrading perversion known to the human race, as well as a few of the major animal species. It has shocked and disturbed me, to the point of needing to shock and disturb the common man to warn them of the impending homo [comp-u-geek.net]-calypse which threatens to engulf our planet.

You must work for the government. Trying to post the most obscene stuff in hopes that slashdot won't be able to continue or something, due to legal woes. If i ever see your ugly face, i'm going to stick my fireplace poker up your ass, after it's nice and hot, to weld shut that nasty gaping hole of yours. -- Anonymous Coward, Slashdot

Doesn't it give you a hard-on to imagine your thick strong poker ramming it's way up my most sacred of sphincters? You're beyond help, my friend, as the only thing you can imagine is the foul penetrative violation of another man. Are you sure you're not Eric Raymond? The government, being populated by limp-wristed liberals, could never stem the sickening tide of homosexual [goatse.fr] child molesting Linux advocacy. Hell, they've given NAMBLA free reign for years!

you really should post this logged in. i wish i could remember jebus's password, cuz i'd give it to you. -- mighty jebus [slashdot.org], Slashdot

Thank you for your kind words of support. However, this document shall only ever be posted anonymously. This is because the 'Open Sauce' movement is a sham, proposing homoerotic cults of hero worshipping in the name of freedom. I speak for the common man. For any man who prefers the warm, enveloping velvet folds of a woman's vagina [bodysnatchers.co.uk] to the tight puckered ringpiece of a child. These men, being common, decent folk, don't have a say in the political hypocrisy that is Slashdot culture. I am the unknown liberator [hitler.org].

ROLF LAMO i hate linux FAGGOTS -- Anonymous Coward, Slashdot

We shouldn't hate them, we should pity them for the misguided fools they are... Fanatical Linux zeal-outs need to be herded into camps for re-education and subsequent rehabilitation into normal heterosexual society. This re-education shall be achieved by forcing them to watch repeats of Baywatch until the very mention of Pamela Anderson [rotten.com] causes them to fill their pants with healthy heterosexual jism [zillabunny.com].

Actually, that's not at all how scrotal inflation works. I understand it involves injecting sterile saline solution into the scrotum. I've never tried this, but you can read how to do it safely in case you're interested. (Before you moderate this down, ask yourself honestly -- who are the real crazies -- people who do scrotal inflation, or people who pay $1000+ for a game console?) -- double_h [slashdot.org], Slashdot

Well, it just goes to show that even the holy Linux 'sauce code' is riddled with bugs that need fixing. (The irony of Jon Katz not even being able to inflate his scrotum correctly has not been lost on me.) The Linux pervert elite already acknowledge this, with their queer slogan: 'Given enough arms, all rectums are shallow.' And anyway, the PS2 [xbox.com] sucks major cock and isn't worth the money. Intellivision forever!

dude did u used to post on msnbc's nt bulletin board now that u are doing anti-gay posts u also need to start in with anti-black stuff too c u in church -- Anonymous Coward, Slashdot

For one thing, whilst Linux is a cavalcade of queer propaganda masquerading as the future of computing, NT [linux.com] is used by people who think nothing better of encasing their genitals in quick setting plaster then going to see a really dirty porno film, enjoying the restriction enforced onto them. Remember, a wasted arousal is a sin in the eyes of the Catholic church [atheism.org]. Clearly, the only god-fearing Christian operating system in existence is CP/M -- The Christian Program Monitor. All computer users should immediately ask their local pastor to install this fine OS onto their systems. It is the only route to salvation.

Secondly, this message is for every man. Computers know no colour. Not only that, but one of the finest websites in the world is maintained by a Black Man [stileproject.com] . Now fuck off you racist donkey felcher.

And don't forget that slashdot was written in Perl, which is just too close to 'Pearl Necklace' for comfort.... oh wait; that's something all you heterosexuals do.... I can't help but wonder how much faster the trolls could do First-Posts on this site if it were redone in PHP... I could hand-type dynamic HTML pages faster than Perl can do them. -- phee [slashdot.org], Slashdot

Although there is nothing unholy about the fine heterosexual act of ejaculating between a woman's breasts, squirting one's load up towards her neck and chin area, it should be noted that Perl [python.org] (standing for Pansies Entering Rectums Locally) is also close to 'Pearl Monocle,' 'Pearl Nosering,' and the ubiquitous 'Pearl Enema.'

One scary thing about Perl [sun.com] is that it contains hidden homosexual [goatse.fr] messages. Take the following code: LWP::Simple -- It looks innocuous enough, doesn't it? But look at the line closely: There are two colons next to each other! As Larry 'Balls to the' Wall would openly admit in the Perl Documentation, Perl was designed from the ground up to indoctrinate it's programmers into performing unnatural sexual acts -- having two colons so closely together is clearly a reference to the perverse sickening act of 'colon kissing,' whereby two homosexual [goatse.fr] queers spread their buttocks wide, pressing their filthy torn sphincters together. They then share small round objects like marbles or golfballs by passing them from one rectum to another using muscle contraction alone. This is also referred to in programming 'circles' as 'Parameter Passing.'

And PHP [perl.org] stands for Perverted Homosexual Penetration. Didn't you know?

Thank you for your valuable input on this. I am sure you will be never forgotten. BTW: Did I mention that this could be useful in terraforming Mars? Mars rulaa. -- Eimernase [slashdot.org], Slashdot

Well, I don't know about terraforming Mars, but I do know that homosexual [goatse.fr] Linux Advocates have been probing Uranus for years.

That's inspiring. Keep up the good work, AC. May God in his wisdom grant you the strength to bring the plain honest truth to this community, and make it pure again. Yours, Cerberus. -- Anonymous Coward, Slashdot

*sniff* That brings a tear to my eye. Thank you once more for your kind support. I have taken faith in the knowledge that I am doing the Good Lord [atheism.org]'s work, but it is encouraging to know that I am helping out the common man here.

However, I should be cautious about revealing your name 'Cerberus' on such a filthy den of depravity as Slashdot. It is a well known fact that the 'Kerberos' documentation from Microsoft is a detailed manual describing, in intimate, exacting detail, how to sexually penetrate a variety of unwilling canine animals; be they domesticated, wild, or mythical. Slashdot posters have taken great pleasure in illegally spreading this documentation far and wide, treating it as an 'extension' to the Linux 'Sauce Code,' for the sake of 'interoperability.' (The slang term they use for nonconsensual intercourse -- their favourite kind.)

In fact, sick twisted Linux deviants are known to have LAN parties, (Love of Anal Naughtiness, needless to say.), wherein they entice a stray dog, known as the 'Samba Mount,' into their homes. Up to four of these filth-sodden blasphemers against nature take turns to plunge their erect, throbbing, uncircumcised members, conkers-deep, into the rectum, mouth, and other fleshy orifices of the poor animal. Eventually, the 'Samba Mount' collapses due to 'overload,' and needs to be 'rebooted.' (i.e., kicked out into the street, and left to fend for itself.) Many Linux users boast about their 'uptime' in such situations.

Inspiring stuff! If only all trolls were this quality! -- Anonymous Coward, Slashdot

If only indeed. You can help our brave cause by moderating this message up as often as possible. I recommend '+1, Underrated,' as that will protect your precious Karma in Metamoderation [slashdot.org]. Only then can we break through the glass ceiling of Homosexual Slashdot Culture. Is it any wonder that the new version of Slashcode has been christened 'Bender'???

If we can get just one of these postings up to at least '+1,' then it will be archived forever! Others will learn of our struggle, and join with us in our battle for freedom!

It's pathetic you've spent so much time writing this. -- Anonymous Coward, Slashdot

I am compelled to document the foulness and carnal depravity [catholic.net] that is Linux, in order that we may prepare ourselves for the great holy war that is to follow. It is my solemn duty to peel back the foreskin of ignorance and apply the wire brush of enlightenment.

As with any great open-source project, you need someone asking this question, so I'll do it. When the hell is version 2.0 going to be ready?!?! -- Anonymous Coward, Slashdot

I could make an arrogant, childish comment along the lines of 'Every time someone asks for 2.0, I won't release it for another 24 hours,' but the truth of the matter is that I'm quite nervous of releasing a 'number two,' as I can guarantee some filthy shit-slurping Linux pervert would want to suck it straight out of my anus before I've even had chance to wipe.

I desperately want to suck your monolithic kernel, you sexy hunk, you. -- Anonymous Coward, Slashdot

I sincerely hope you're Natalie Portman [archive.org].

Dude, nothing on slashdot larger than 3 paragraphs is worth reading. Try to distill the message, whatever it was, and maybe I'll read it. As it is, I have to much open source software to write to waste even 10 seconds of precious time. 10 seconds is all its gonna take M$ to whoop Linux's ass. Vigilence is the price of Free (as in libre -- from the fine, frou frou French language) Software. Hack on fellow geeks, and remember: Friday is Bouillabaisse day except for heathens who do not believe that Jesus died for their sins. Those godless, oil drench, bearded sexist clowns can pull grits from their pantaloons (another fine, fine French word) and eat that. Anyway, try to keep your message focused and concise. For concision is the soul of derision. Way. -- Anonymous Coward, Slashdot

What the fuck?

I've read your gay conspiracy post version 1.3.0 and I must say I'm impressed. In particular, I appreciate how you have managed to squeeze in a healthy dose of the latent homosexuality you gay-bashing homos [comp-u-geek.net] tend to be full of. Thank you again. -- Anonymous Coward, Slashdot

Well bugger me!

ooooh honey. how insecure are you!!! wann a little massage from deare bruci. love you -- Anonymous Coward, Slashdot

Fuck right off!

IMPORTANT: This message needs to be heard (Not HURD [linux.org], which is an acronym for 'Huge Unclean Rectal Dilator') across the whole community, so it has been released into the Public Domain [icopyright.com]. You know, that licence that we all had before those homoerotic crypto-fascists came out with the GPL [apple.com] (Gay Penetration License) that is no more than an excuse to see who's got the biggest feces-encrusted [rotten.com] cock. I would have put this up on Freshmeat [adultmember.com], but that name is known to be a euphemism for the tight rump of a young boy.

Come to think of it, the whole concept of 'Source Control' unnerves me, because it sounds a bit like 'Sauce Control,' which is a description of the homosexual [goatse.fr] practice of holding the base of the cock shaft tightly upon the point of ejaculation, thus causing a build up of semenal fluid that is only released upon entry into an incision made into the base of the receiver's scrotum. And 'Open Sauce' is the act of ejaculating into another mans face or perhaps a biscuit to be shared later. Obviously, 'Closed Sauce' is the only Christian thing to do, as evidenced by the fact that it is what Cathedrals are all about.

Contributors: (although not to the eternal game of 'soggy biscuit' that open 'sauce' development has become) Anonymous Coward, Anonymous Coward, phee, Anonymous Coward, mighty jebus, Anonymous Coward, Anonymous Coward, double_h, Anonymous Coward, Eimernase, Anonymous Coward, Anonymous Coward, Anonymous Coward, Anonymous Coward, Anonymous Coward, Anonymous Coward, Anonymous Coward, Anonymous Coward. Further contributions are welcome.

Current changes: This version sent to FreeWIPO [slashdot.org] by 'Bring BackATV' as plain text. Reformatted everything, added all links back in (that we could match from the previous version), many new ones (Slashbot bait links). Even more spelling fixed. Who wrote this thing, CmdrTaco himself?

Previous changes: Yet more changes added. Spelling fixed. Feedback added. Explanation of 'distro' system. 'Mount Point' syntax described. More filth regarding `man` and Slashdot. Yet more fucking spelling fixed. 'Fetchmail' uncovered further. More Slashbot baiting. Apache exposed. Distribution licence at foot of document.

ANUX -- A full Linux distribution... Up your ass!

Re:With enough eyeballs, all bugs are shallow (0)

Anonymous Coward | more than 2 years ago | (#36493034)


Re:With enough eyeballs, all bugs are shallow (0)

Anonymous Coward | more than 2 years ago | (#36493064)

Did I accidentally go to 4chan's /g/ again?

Impressive compared to what? (1)

Anonymous Coward | more than 2 years ago | (#36492998)

Don't get me wrong; $60k in 3 months is not a bad haul for anybody. But as the single biggest payout (over time) fluke ever, it kind of sucks, and is reflective of the average pay one can expect pursuing this career, which also sucks.

If you want to shoot for the moon, you might as well just play the lottery.

It's another thing if you hack for fun, and can collect a little money on the side for it. But this is not a sustainable career for anyone and slashdot in particular needs to stop acting like these guys are rolling in money. They may well be independently wealthy for other reasons, which gives them time to pursue hacking in the first place, but they aren't getting rich or even gainfully employed from these activities.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36493076)

New model of society: govt pays ppl a basic income and govt and biz hold challenges to stimulate individuals to create and innovate and provide services like bug-finding without the need to work for a corporation. The resulting new knowledge and technology that the country as a whole produces allows the govt to make taxes voluntary and print the budget while the currency stays strong. See Japan's 200% debt-to-gdp ratio and too-strong currency for what the future of economics will look like...

In conclusion, Reagan proved deficits don't matter.

Re:Impressive compared to what? (2)

Hazel Bergeron (2015538) | more than 2 years ago | (#36493146)

New model of society: govt pays ppl a basic income and govt and biz hold challenges to stimulate individuals to create and innovate and provide services like bug-finding without the need to work for a corporation.

Read Thomas Paine on the basic income guarantee and Thomas Jefferson on copyright.

Your ideas are as old as the USA, thus dangerously close to revolutionary in today's environment.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36493080)

The number of projects which pay for bug discovery is amazingly low; I doubt the entire field could support more than 100 people 'pursuing' this 'career'.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36493120)

There is a market for about 6 computers.

Re:Impressive compared to what? (2)

ark1 (873448) | more than 2 years ago | (#36493088)

The real money is in the black market of 0days. That is where Intelligence agencies and criminals compete for new vulnerabilities and are willing to throw some major money depending on the severity. If you are fortunate to find a critical 0day - think remote exploitation in a popular OS/application without user interaction then you may pocket 6 or even 7 figures for a single bug. White hat reporting is mainly done as a hobby and/or advertisement of your personal skills or your company and is not really meant to be a full time job.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36493132)

You know, I've been producing 0days for about 3 years now, and I haven't yet found this black market people keep talking about. I don't think it actually exists.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36497066)

Obviously no one is going to offer you money if you keep doing it for free.

Re:Impressive compared to what? (1)

BitZtream (692029) | more than 2 years ago | (#36495282)

That's 240k/year and doesn't require you to live somewhere that 240k a year isn't a big salary.

240k/year is decent pay for anyone doing that job with the exception to that being the jobs doing it in areas where it costs a million plus a year just to pay your rent.

You're seriously claiming you make 240k/year or more and that that is 'average pay'? What shitty assed city do you live in where that's the case 'cause there are only a limited number of places where 240k/year is average pay and pretty much none of them are home of software companies that do this sort of thing.

If you meant to say 60k/year is average pay for this sort of work ... then sure, but that's for a year's worth of work, not 3 months of spare time.

but they aren't getting rich or even gainfully employed from these activities.

You are completely disconnected from reality, you clearly have no idea what the average salary is for this sort of work.

Do you even have a job and live on your own? The only way I can see someone making these sorts of statements is if they are still in high school living at home with absolutely no idea what the real world is actually like when mommy and daddy aren't carrying your weight.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36495496)

Since your reading comprehension is so low, I will explain it to you more clearly.

In other lines of work, such as business, recording, film, architecture, etc. people can be paid "up to" several million a year. Those people are very few, but they exist and could be used as poster children. Here in this story, the amount of $240k/yr (i.e. $60k/3 months) is being touted as a big payoff, and it is for this line of work. But if that's a "big" payoff, then what is the average? Hint: the summary says Mozilla pays $40k per year. That's divided across everyone who received a payment. With just four people receiving payments, that averages less than $10k salary.

So if you are the one guy in a million who can manage a decent living from this kind of work, good for you. Are you that man, or are you one of the other 999,999 who are better off playing the lottery?

Since you think that the $60k/3 months represents an "average" payoff for this kind of work, you are the one who has completely and utterly failed to grasp reality. Thanks for the entertaining post though.

Re:Impressive compared to what? (0)

Anonymous Coward | more than 2 years ago | (#36496180)

Been a while since anyone was even able to carry yours right?

profit! (0)

Anonymous Coward | more than 2 years ago | (#36493002)

1. write buggy code
2. inform an accomplice of the bug
3. profit

Re:profit! (1)

Anonymous Coward | more than 2 years ago | (#36493036)

Don't you mean:

1. Write buggy code.
2. Sell support contracts.
3. Profit.

Re:profit! (0)

Anonymous Coward | more than 2 years ago | (#36493042)

4. get fired (and become unhireable) after the fifth such attempt is noticed.

"when he was 19 years old" (0)

Anonymous Coward | more than 2 years ago | (#36493016)

When was that? 10 years ago?

Re:"when he was 19 years old" (0)

Anonymous Coward | more than 2 years ago | (#36493112)

"The 25-year-old Aaron Portnoy has been tracking down bugs since he was barely into his teens."

So, yeah, 10 years ago.

Here I sit all broken hearted (0)

Anonymous Coward | more than 2 years ago | (#36493024)

Tried to shit but only ... ?

Bug hunter? (0)

Anonymous Coward | more than 2 years ago | (#36493030)

Since when have entomologists become so interesting?

Ahem... (5, Funny)

bughunter (10093) | more than 2 years ago | (#36493038)

I was not consulted for this article, therefore it must be considered suspect.

Re:Ahem... (1)

bughunter (10093) | more than 2 years ago | (#36493130)

I should add, it's easier when the bugs find you. It takes a special kind of [karma|luck|uncanny statistical influence] to be a real bughunter. You have to be the kind of person who only needs to walk by a piece of dodgy tech in order to induce it to fail. That gives you an inkling of what life as a bughunter is really like.

On one hand, being an early adopter is just asking for trouble. Don't go there, unless you're being paid to. If it's been half-assed, you're going to find out -- and these days it seems like nearly everything new is also hemi-gluteous.

On the other hand, the stuff you design and build tends to be rather bulletproof, because you avoid unnecessary complexity, learn to identify and verify your assumptions, and test the living shit out of everything.

Re:Ahem... (0)

Anonymous Coward | more than 2 years ago | (#36493804)

So... You use a magnet?

Re:Ahem... (0)

Anonymous Coward | more than 2 years ago | (#36496762)

I should add, it's easier when the bugs find you. It takes a special kind of [karma|luck|uncanny statistical influence] to be a real bughunter. You have to be the kind of person who only needs to walk by a piece of dodgy tech in order to induce it to fail.

Oh, you've met me before...

Re:Ahem... (0)

Anonymous Coward | more than 2 years ago | (#36606764)

I used to teach 'the method' to other programmers. But they came to hate me. Now I just keep it to myself. It is not that hard. Most people do not even bother to check their inputs. Overflowing them or breaking out of a sandbox is not that hard. You just need to have an 'ok' understanding of how it works and what you are trying to do. One of the 'easy' ones from a long time ago was my preferred username /HTML with a couple of gt's around it.

haha my captcha: 'escaping'!

I create bug.. (0)

Anonymous Coward | more than 2 years ago | (#36493096)

I create bug You find bug give me 50% ok?

Not a sustainable career! (0)

Anonymous Coward | more than 2 years ago | (#36493108)

Talk about writing yourself out of a job!

Whoa (1)

DurendalMac (736637) | more than 2 years ago | (#36493138)

So being a bug chaser is now a profession? Who knew?

Re:Whoa (0)

Anonymous Coward | more than 2 years ago | (#36493308)

Yes. It's called "the QA team". You're welcome. :P

Also: What good is a bug bounty, if you're not fixing the bugs, hm Mozilla? (Now I have to re-start my Firefox, which eats up 1.6GB of RAM. NO program should ever need that much RAM, without a massive data set being open! It's like they wrapped a whole operating system, written in a scripting language, inside a virtual machine, written in "as always, leaking left and right" C. ...Oh, wait! They did! It's like "the worst of both worlds". ;)

Re:Whoa (2)

hedwards (940851) | more than 2 years ago | (#36493364)

Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.

Doesn't mean that it doesn't happen, but it's usually not Firefox, it usually ends up being a plug-in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500MB.

Re:Whoa (0)

Anonymous Coward | more than 2 years ago | (#36494372)

Hello shill, how are you today?

Re:Whoa (1)

BitZtream (692029) | more than 2 years ago | (#36495346)

From what you've said, I can safely deduce without any uncertainty that you have never actually used Firefox at any point in your life.

As far as it being a plugin or something, I'll tell you the same thing I told our VoIP provider ...

I don't care WHAT or WHY the exact reason is, when I do A ... B happens. I don't care if it's not A's fault, if I don't use it, it doesn't happen, so your choices are to make it so A prevents something else from causing it a problem, or I'll use something else.

No one gives a shit what the specific reason Firefox eats RAM is, it indicates bad design in general.

Windows crashes all the time cause Microsoft writes shitty buggy software. That statement is pretty much 100% false. 10 times out of 8 when a Windows PC crashes it's related to a 3rd party driver. But no one gives a shit because Windows has still crashed.

Blame it on other stuff all day long, the rest of us are still going to think of Firefox as wasting a bunch of ram because anyone who uses it finds it wasting a lot of ram. If third party plugins are the problem, and everyone uses 3rd party plugins then the browser is still broken.

Re:Whoa (1)

hedwards (940851) | more than 2 years ago | (#36496052)

To be honest, we don't really care what people as fucking stupid as you think about things. I don't represent Mozilla, but it's not helpful to pretend like your situation is typical without actually providing any evidence. You're not going to fix a problem caused by extensions by mucking around in the browser code; sure, when add-ons get their own processes, it will be a lot easier to know who is responsible for what.

But, at the moment, only a fucking moron would claim that it's Firefox's fault that other people can't code properly.

As for MS, it's their fault that their architecture was so incompetently designed for so long. Remember this is the same outfit that felt that it was OK to ignore the specs for ACPI and put workarounds for known buggy implementations into their code. They long ago gave up any credibility in that regard. Not to mention the fact that when Windows crashed nobody, not even their support people, had any idea what was causing it based upon the error messages. They've gotten better, but that's the way it's been.

And yes, I do care who's at fault, if it's MS' fault, then that's one thing, if it's the hardware vendor, I'm not going to solve that problem by ditching Windows.

Re:Whoa (1)

kyz (225372) | more than 2 years ago | (#36499646)

Firefox doesn't use that much RAM under normal conditions.

Yes it does. Mozilla know this and have an entire team of people [internetnews.com] addressing Firefox 4 memory usage issues. They're looking at 18 P1 bugs [mozilla.org], 84 total.

My Firefox has 1.3GB mapped, but is only using 300MB right now (according to the very useful about:memory)... that's a serious fragmentation problem, because as far as my operating system is concerned, that's a 1.3GB program, not a 300MB program.

Re:Whoa (1)

arkenian (1560563) | more than 2 years ago | (#36502642)

I just have to say that I use very few plugins, and I'm not sure I've ever actually SEEN Firefox come in at under 500 MB. Ever. Now granted, usually I'm up to more than ten tabs by the time a task manager pops up where I might check this, but still....

Re:Whoa (1)

Migala77 (1179151) | more than 2 years ago | (#36507544)

Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.

Doesn't mean that it doesn't happen, but it's usually not Firefox, it usually ends up being a plug in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500mb.

Then tell me which extension it is. Just a simple task manager, then I'll know who to blame.

Real bugs (1)

Lord Lode (1290856) | more than 2 years ago | (#36493176)

Ok, so even though I'm a programmer, when I started reading the article, I was really thinking this was about a vermin hunter, someone who rids people's houses of infestations of insects or something like that... Am I the only one?

Re:Real bugs (0)

Anonymous Coward | more than 2 years ago | (#36493234)

It's ok, you're not alone

Re:Real bugs (1)

Gaygirlie (1657131) | more than 2 years ago | (#36493238)

Ok, so even though I'm a programmer, when I started reading the article, I was really thinking this was about a vermin hunter, someone who rids people's houses of infestations of insects or something like that... Am I the only one?

No, you aren't. I just thought about someone going Terminator-on-your-ass on cockroaches or something before I read the submission itself.

Re:Real bugs (0)

Anonymous Coward | more than 2 years ago | (#36493260)

Did you happen to work on the Mark II in the 40's?

OSS promises (1)

gutnor (872759) | more than 2 years ago | (#36493314)

The promise of OSS was to have more eyes looking at your code and therefore making better software.

It is very sad that money needs to be involved, but we don't live in the same OMG ponies world RMS lives in; it died in the 80s after our pot-smoking parents changed their minds about the value of money. Nowadays, you see leeches of the system making money with all sorts of repulsive business models, ... so it is a good thing that security researchers get rewarded and that students with too much time invest it in improving the common good rather than another link farm business.

Re:OSS promises (0)

Anonymous Coward | more than 2 years ago | (#36493376)

This is just an incentive program to get more eyes on the problem. Without monetary incentive many people would be bug hunting on applications that they are personally interested in. Bug hunting for web browsers doesn't sound much fun to me, so I would spend my time poking at other applications; however, add in the chance to make some money on the side and I'd be more interested in spending at least some small amount of time poking at FF.

Lite? (4, Insightful)

ninetyninebottles (2174630) | more than 2 years ago | (#36493342)

From the article:

"When we started out it was $1337 which if you write it down spells out 'lite' which is hacker speak for elite. Since then we've increased the top prize to 3133.70 which spells 'elite,'" explained Rukowski.

Seriously? 1337 spells "lite"? Are the authors of this article really that clueless and have that little competent review of their material? 1337 spells "leet" which sounds like "elite" if you don't really pronounce the first letter. Isn't this explained in "Hackers" or some other pop culture movie?

Re:Lite? (1)

mkiwi (585287) | more than 2 years ago | (#36494834)

For a brief moment, I had the fancy of thinking entomologists were traveling the Amazon, making new discoveries for large amounts of money. That's pretty l337. I'm going to go back and read xkcd now.

Re:Lite? (0)

Anonymous Coward | more than 2 years ago | (#36496894)

Considering leet is marked as a typo, it was probably "corrected" by someone who wasn't paying attention to the topic...

Re:Lite? (0)

Anonymous Coward | more than 2 years ago | (#36497902)

And "3133.70" sounds like eleeto which I assume is Spanish for Elite!

spec work (1)

kylemonger (686302) | more than 2 years ago | (#36493700)

In other creative industries, these contests are known for the exploitative ruse that they are. They fall under a more general class of labor called "spec work." With contests in general, or in this case bug bounties, a large number of people are induced to work while only a few or maybe none are actually paid.

Re:spec work (1)

blue trane (110704) | more than 2 years ago | (#36493928)

better that they be working towards some kind of good than that they, for example, be trying to exploit existing bugs or looking for new bugs to exploit...

more outstanding work from the bbc tech idiot team (1)

chewy_fruit_loop (320844) | more than 2 years ago | (#36497532)

"When we started out it was $1337 which if you write it down spells out 'lite' which is hacker speak for elite. Since then we've increased the top prize to 3133.70 which spells 'elite,'" explained Rukowski.

honestly their research knows no bounds

I'd rather go to a barbecue (1)

luk3Z (1009143) | more than 2 years ago | (#36500898)

I'd rather go to a barbecue with my friends than stay at home and hunt for bugs...

Article is poorly researched. (0)

Anonymous Coward | more than 2 years ago | (#36506956)

We gave Bug Bounties in the Graphics Forums on CompuServe ca. 1990. A floppy disc full of images was mailed to the subscriber when a confirmed bad graphic was found (not uncommon in those days).
