Photo credit: BBC
Sam Curry, an 18-year-old student in Omaha, Nebraska, has tinkered with computers from a young age, but not in the way most use them. As a sophomore in high school, he found a way into the system that allowed him to pose as an administrator, meaning that he could have changed student grades, but Sam just wanted to enter the network as a prank. Subsequently when school administrators found out, he was suspended for two weeks. The next time he discovered a security vulnerability, he reported the bug to the high school administration instead of exploiting it, and received a $50 gift card to Subway as a reward. Since that time, he’s earned more than $100,000 from legally hacking well known institutions including the U.S. Department of Defense, Valve, and Yahoo. Read more for a video interview and additional information.
He’s just one of a growing number of hackers cashing in on “bug bounties” – monetary rewards that organizations pay hackers to expose vulnerabilities in their systems. These rewards have become so popular that it’s almost standard for high-profile companies to participate in the programs, and it’s only expected to continue to grow. Think of it as a crowdsourced security testing that is “rapidly approaching critical mass” according to industry research firm Gartner.