Why Do Bug Bounty Hunters Do What They Do? We Asked Them.


This episode of An InfoSec Life is made possible by the generosity of our sponsor, IRONSCALES.


By Sean Martin

Today’s episode could easily carry over into The Academy, one of our other columns here at the magazine, as the discussion takes us down a path of education, training, and learning with a deeper dive into the world of the hacker community.

Today, Marco Ciappelli and Sean Martin are joined by two penetration testers who also double as bug bounty hunters in their spare time. On today’s show are Jasmin Landry (@JR0ch17), Sr. Security Analyst at SecureOps, and Darrell Damstedt, aka @hateshaped. We’re also joined by Bugcrowd’s Senior Community Manager, Sam Houston.

Together, the group looks at why penetration testers and bug bounty hunters do what they do, why they love being security researchers, and what motivates them. Also discussed is the value of the hacker community—both online and in person at conferences—and the role it plays in information sharing and learning.

Tied to this conversation are the more formal bug bounty training opportunities and the legal protections researchers get when engaging with a formal bug bounty program—both of which give ethical hackers the freedom (and legal safety) to push the boundaries to find the digital bad things before the bad guys and bad gals (and bad bots) do.

Bug bounties enable you to hack on stuff and give you a legal way to do it.
— Sam Houston, Bugcrowd

Of course, since it is a common topic here on ITSPmagazine, we also take a moment to explore why these two researchers often shy away from claiming the label “hacker,” especially when crossing the border on business trips.

Now… are you interested in becoming a bug bounty hunter having read this? Then listen in to see if this world of research and responsible disclosure is for you. Enjoy!