
posted by janrinok on Friday April 08 2022, @11:05PM
from the learn-to-zoom-zoom-zoom-slap-that-bass dept.

Zoom awarded $1.8 million in bug bounty rewards over 2021:

Zoom has awarded $1.8 million to researchers who submitted bug bounty reports over 2021.

Bug bounty programs, whether private (open only to invited researchers) or public (anyone can submit a vulnerability report), have become a critical method for organizations to improve their security posture.

The industry is beset with talent shortages. Estimates suggest that there will be approximately 3.5 million unfilled job openings by 2025 in the US alone, and until more specialists are available, companies often can't rely solely on in-house security teams, who already have more than enough work.

This is where bug bounties come in: external researchers and bug hunters can perform tests on software and services, report any severe security issues, and receive credit and/or financial rewards in return.

The popularity of Zoom's video teleconferencing software exploded overnight due to COVID-19 and lockdowns, with many of us forced to work from home. However, the rapid increase in users also exposed security problems that had to be addressed quickly. Hence, a bug bounty program was one of the firm's initiatives for improving the situation.


Original Submission

  • (Score: 4, Insightful) by MostCynical on Saturday April 09 2022, @12:07AM (4 children)

    by MostCynical (2589) on Saturday April 09 2022, @12:07AM (#1235765) Journal

    $1.8 million

    wage for QA tester: $100,000 pa
    assume 30% overheads, meaning $130,000 pa

    1.8m/130K ~ 13 testers

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 3, Interesting) by optotronic on Saturday April 09 2022, @01:40AM (1 child)

      by optotronic (4285) on Saturday April 09 2022, @01:40AM (#1235771)

      That $1.8 million was for 401 reports, which is ~$4489 per report, on average.
      Current bounties range from $250 to $50,000 per report.
      I wonder whether they get more for their money with the bounty program?

      • (Score: 0) by Anonymous Coward on Saturday April 09 2022, @02:31AM

        by Anonymous Coward on Saturday April 09 2022, @02:31AM (#1235777)

        The trick is to get anyone at all who knows what they are doing to work for a corporation these days.

        Most of the really knowledgeable folks have run up against the hiring MBA and come to the conclusion that they should either start their own business, work for someone who knows what they do, or find another line of work.

        Either that or accept being a prostitute, knowingly do stuff the wrong way, so that the MBA will consider you a team player and let you live another day.

    • (Score: 3, Interesting) by janrinok on Saturday April 09 2022, @01:39PM (1 child)

      by janrinok (52) Subscriber Badge on Saturday April 09 2022, @01:39PM (#1235827) Journal

      The maths is fair enough, but the assumptions are not. You are assuming that the researchers only work for Zoom, and thus that Zoom pays for their entire income. There is no evidence to support this.

      Perhaps the researchers work for ten different companies, and Zoom actually pays for part of the output of 130 researchers, or any one of a number of different combinations.

      Perhaps those researchers do other work besides? If I had found a bug and received $1000 I might be quite content to receive that as recompense for a weekend's work, or even for something that I stumbled upon by accident and then looked in the source code to find out why it had happened.

      • (Score: 0) by Anonymous Coward on Monday April 11 2022, @10:16AM

        by Anonymous Coward on Monday April 11 2022, @10:16AM (#1236134)

        Whoosh!
