Bug Bounty Hunters help out companies to improve their software or service by pointing out the faults and shortcomings of their systems. Bug bounty hunters typically work under a bug bounty program, which is a program initiated by a security or other systems firm asking security researchers and bug bounty hunters to help them find vulnerabilities and weak spots in their systems before they are made public.
This helps the company in updating their software framework, as well as to strengthen its structure before making the software available to the general public. The bug bounty hunters, on the other hand, receive due compensation and recognition for their effort and help. This article lists some of the famous bug bounty hunters in the world.
- Rafay Baloch
The owner of rafayhackingarticles.net and hailing from Pakistan, Rafay Baloch is an independent security researcher who once found a remote code execution vulnerability in the online transactions website PayPal. The website subsequently offered him $10,000 as well as a job with them. His biggest achievement is his discovery of Android Stock Browser Address Bar Spoofing that had serious ramifications for Lollipop and previous versions of Android.
- Roy Castillo
Roy is one of the first Filipino to have participated in a bug bounty hunting program. His famous achievements include reporting stored XXS in Gmail for iOS as well as reporting a bug in Facebook which exposed primary email addresses of users.
- Jason Haddix
Jason has gone from being the top bounty hunter in Bugcrowd to being their Director of Technical Operations. A famous bug bounty hunter, he is also a notable mobile and web hacker.
- Frans Rosen
Frans Rosen is at the number two spot in the bug bounty hunters list of Hackerone. He has reported many bugs in his elusive career as a security researcher, most famous of them being the flash-based XSS vulnerability in Mega that he found. That discovery earned him a thousand euros.
- Stephane Chazela
Stephane Chazelas is involved in the Free Software/Open Source and Unix communities and discovered the GNU Bourne-Again Shell (Bash) Shellshock Vulnerability. What made him one of the most famous bug bounty hunters was his finding of Shellshock in Hackerone, which earned him a reward of $20,000.
Bitquark has shared lots of security bugs in his blog bitquark.co.uk. He was once ranked the number one bug bounty hunter and has received rewards amounting over $13,000 from Google’s ‘Google Sites’.
- Neal Poole
Neal works as a security engineer at Facebook and also works on the Product Security Team. Facebook hired him for his continuous laudable efforts in reporting bugs in their system.
- A Bailey
Don is one of the few famous bug bounty hunters whose findings have made their way to news channels like CNN and BBC. He founded his person Internet of Things start-up with the name Lab Mouse Security and his report on memory corruption on LZ4 software earned him $6,000 in reward from Hackerone.
- JungHoon Lee
He is a Korean exploit developer who gained recognition by amassing $225,000 in Pwn2Own at the CanSecWest security conference of 2015. In Pwn2Own, he exploited browsers like Firefox, Chrome and Internet Explorer.
- Mazin Ahmed
Mazin blogs about his findings like Multiple CSRF vulnerabilities in Facebook Messenger in his personal blog ‘bolg.mazinahmed.net’. He is best known for his research on W3 Total Cache’s Vulnerability that leads to Full Deface (CVE-2014-9414).
These are some of the most famous bug bounty hunters in today’s world. Note that this list does not only include security researchers who have performed well in bug bounty programs. We include hunters whose works have earned them due recognition.