We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use.

PCMag UK

8 Unusual Bug Bounty Programs Offering Big Bucks

Chandra Steele
 & Chandra Steele Senior Features Writer

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
Tech is no longer confined to Silicon Valley, and neither are dangerous exploits.

In its early days, the Internet was more Wild Wild West than World Wide Web. It was a new and insecure frontier full of pseudonyms and scammers eager to take advantage of unsuspecting early adopters.

Not much has changed on that front, though there are sheriffs to police things now (sometimes a little too much). Still, bugs creep in, and top tech firms would much prefer that skilled engineers find these vulnerabilities instead of hackers with criminal intent. Enter the bug bounty hunters.

Like real bounty hunting, bug bounty hunting can quickly bring in lots of cash, but it also involves a lot of risk for the reward. Companies may want to squash news of vulnerabilities in their systems and seek to punish those who find them. Or they may decide to shower them with money in thanks. Rewards can reach into six digits, if self-reporting is to be believed. Google alone last year paid researchers more than $2 million.

Platforms like Bugcrowd and HackerOne act as wanted posters for the Internet. Most major tech companies, from Google and Facebook to Microsoft and Apple, offer bug bounties. But there are a few entities you might not suspect are looking for cyber-security help. Check them out in the slideshow.

Pornhub

"I wasn't looking at porn," is probably the line IT professionals hear most when malware strikes. But for every virus-laden adult site on the Web, there is a reputable offering that just wants to help you get your jollies. One of those sites, Pornhub, recently encouraged bounty hunters to report any issues they find on Pornhub.com (desktop and mobile), its premium site, and its apps. Awards range from $50 to $25,000. There are strict rules for testing: no compromising the accounts of users or employees, no denial-of-service attacks, no social-engineering stunts, and no physical attacks against offices and data centers. So if you want some naughty employer-employee action, best to turn to Pornhub itself.

Pentagon

Hacking the Pentagon seems like something only fsociety should attempt. But earlier this year, the Department of Defense urged hackers to do their best to breach the intelligence agency. Ultimately, it handed over about $150,000 to bounty hunters who found 138 vulnerabilities. DOD plans to expand the program, so if you have the urge to hack the government, maybe wait until an announcement is made.

Chrysler

Complete takeover of a vehicle by a remote entity is a pretty frightening thing. After a Jeep fell victim to enterprising hackers, Fiat Chrysler Automobiles became the first US automaker to offer a bug bounty via the Bugcrowd platform. "Automotive cybersafety is real, critical, and here to stay," said Casey Ellis, CEO and founder of Bugcrowd.

MIT

MIT is a competitive place. To up the ante, the school has a bug bounty program for MIT affiliates and a leaderboard that so far has just two participants listed. The target is four MIT domains; rewards can only be spent at the physical domain of MIT since they're paid in TechCASH, the campus currency.

Western Union

While many of us might think of Western Union as an old-school money-transfer company, it's a 21st century firm complete with apps and a bug bounty program. Find vulnerabilities on Western Union's various websites and earn between $100 to $5,000 per bug via Bugcrowd.

Kaspersky

It might seem odd for a company that seeks to protect people online to hire out that task, but security researcher Kaspersky is doing just that. Starting Aug. 1, hackers will have six months to find bugs within Kaspersky Internet Security and Kaspersky Endpoint Security. The company is offering up to $50,000; individual average rewards will likely be about $1,000 to $2,000.

Blackphone

Your smartphone is your biggest vulnerability. It tracks your location constantly, has access to all your contacts, knows your habits, and holds more than enough information to own you. Encrypted communications specialist Silent Circle created Blackphone to be as private a phone as possible. But encrypted doesn't mean inpenetrable, so Silent Circle has a bug bounty program on Bugcrowd to reward those who find vulnerabilities. So far, 41 bugs have been rewarded.

HackerOne

Don't hack a hacker. Or, you know, do because there's money in it. HackerOne itself has a bounty program for finding flaws in its own system. Severe bugs can net a minimum of $10,000 and "interesting" bugs bring in $500 or more. HackerOne has paid nearly $85,000 in bug bounties so far.

About Our Expert

Chandra Steele

Chandra Steele

Senior Features Writer

My Experience

My title is Senior Features Writer, which is a license to write about absolutely anything if I can connect it to technology (I can). I’ve been at PCMag since 2011 and have covered the surveillance state, vaccination cards, ghost guns, voting, ISIS, art, fashion, film, design, gender bias, and more. You might have seen me on TV talking about these topics or heard me on your commute home on the radio or a podcast. Or maybe you’ve just seen my Bernie meme

I strive to explain topics that you might come across in the news but not fully understand, such as NFTs and meme stocks. I’ve had the pleasure of talking tech with Jeff Goldblum, Ang Lee, and other celebrities who have brought a different perspective to it. I put great care into writing gift guides and am always touched by the notes I get from people who’ve used them to choose presents that have been well-received. Though I love that I get to write about the tech industry every day, it’s touched by gender, racial, and socioeconomic inequality and I try to bring these topics to light. 

Outside of PCMag, I write fiction, poetry, humor, and essays on culture.

My Areas of Expertise

  • Making incomprehensible tech news easy to understand
  • Expanding the boundaries of topics covered in the industry
  • Figuring out tips and tricks in apps and on devices and letting you know about them
  • Putting together gift guides for everyone in your life 

The Technology I Use

All that gadgets is gold for me: my iPhone 11 Pro, my fifth-generation iPad that I use only for streaming videos and music, my iPad mini 4 that I like to take with me whenever I carry a bag that can fit it, and my MacBook Pro. Why are they all different shades of gold, though? What’s going on, Apple? 

None of them quite live up to my two past loves: my LG Lotus LX600 phone and my Sony Walkman NW-E005 MP3 player. 

I've never given up wired earbuds so I was ahead of all those trend pieces. I use a Mangotek Lightning-to-3.5mm headphone jack adapter to connect them to my phone. 

I have had so many ebook readers, but I prefer paper to them all. Still, my Kindle Paperwhite is perfect for traveling or when I’m too impatient to wait for a book to be released in paperback.

Read the latest from Chandra Steele

Read full bio