Bug bounties attracting Indians like never before

"Bug bounties" is the term used for monetary rewards that tech firms offer to geeks for spotting bugs, errors and security flaws that could lead to severe problems if hackers were to spot them.

Of late, Indian techies have become more and more interested in these bug bounties. According to a report by Bugcrowd, one of the earliest crowd-sourcing companies, 28.2% of the hackers who signed up for bug bounty programmes until March were Indians, followed by the US (24.4%), the UK (3.9%), Pakistan (3.5%) and Australia (2.4%).

Bug bounties started in 1995, with Netscape announcing rewards to hackers who found bugs in its web browser. Since then, almost all the tech giants, be it Facebook, Google, Apple, Twitter or Yahoo!, have either launched their own programmes or hired third-party companies to reward hackers who find bugs in their programmes.

It is not only IT companies: the likes of General Motors, Khan Academy, Starbucks and United Airlines have also run bug bounty programmes. Indian companies, however, rarely run them, fearing a security breach if hackers get an inside look at their code.

Paytm, one of the few Indian companies that have run bug bounty programmes, says that open-sourcing security has resulted in more 'hack-proof' systems.

"While our internal testing teams are always on high alert, bug bounty programmes help us identify sporadic loopholes in our system, and fix them immediately," Sourabh Sharma, assistant vice-president at Paytm, told ET.

While bounties vary from $100 to $200,000 on the international front, Indian companies are very finicky when it comes to these rewards. "Instead of money payments, they send certificates or goodies - CDs, pen drives, T-shirts, etc. These are not lucrative enough," said Vikram Karthik, a Chennai-based ex-security researcher. "Some companies delay the payment and inform a week later that the specific vulnerability has already been reported," he added.
