The Bug Bounty Hunter and The New Zero-Day Exploit Economy
In this article I demystify the new economy of crowdsourced bug bounty programs, such as HackerOne, Synack, and Bugcrowd, and the evolution of vulnerability research from the old Bugtraq days to for-profit research.
History
Bugs, also referred to as vulnerabilities in software, are flaws that can be abused to cause unintended behavior in a system or application, resulting in the disclosure of sensitive information, a negative impact on availability, or unauthorized access. These bugs are what malicious hackers build exploits around, enabling them to achieve their after-action goals through a long kill chain of steps. The lifecycle can thus be described as starting with the discovery of a bug in a piece of software or an application by vulnerability researchers or malicious hackers, followed by the creation of an exploit for the discovered bug and, if the bug was found by a malicious hacker, its active exploitation in the “wild” until the manufacturer or developer releases a fix or patch that renders the exploit ineffective.
I remember as if it were yesterday as I recall seeing the announcement of a new mailing list called Bugtraq in November of 1993 by Scott Chasin that would provide an unmoderated, open forum for security researchers and security practitioners around the world to collaborate over the…