Most of us in the contracting space are interested in alternate ways of making money. Personally, I prefer straight programming to almost any other means of earning it, but I discovered something recently that looks interesting. There’s a website now that seemingly pays for finding bugs in the code of others. As programmers we are often good at spotting problems early and we’re probably the best at finding them. Troubleshooting is usually something that isn’t seen as a profit center, so why not flip things and make some money doing it?
Enter the new website which appears to be crowd-sourcing the problem of code testing. Various companies then work with the website to outsource this task to others who attempt to identify a problem worth fixing. If they decide that it’s indeed a bug then they usually pay some form of money to the researcher.
From my own limited experience, I created an account, reviewed the many offers and picked the Tesla Motors website to look for security problems. Within an hour I identified something from a third-party webtiming partner which turned out to be flagged by Microsoft Security Essentials as the Win32/Spursint.A Trojan. (Not bad for just an hour’s work, I thought.) I then wrote up my findings and awaited a response. Someone did respond within 24 hours.
Next, I tried to explain the nature of the Akamai network of caching servers and how a local version of their server might be delivering different content than what I’d received: some get the Trojan and some do not, in other words. Again, this was falling upon deaf ears.
Will I use Bugcrowd again? I like the concept. I think I had rather spend my time, though, in a more fruitful venture with a less risky return.
New wisdom: Avoid systems in which you perform labor and then someone else decides whether or not your labor deserves getting paid for. Oh, and unless you have an up-to-date virus checker you may want to avoid the Tesla website since it sometimes delivers a Trojan to your browser.