I've met plenty of self-taught hackers in developing countries who were barely employed due to general economic dysfunction. Spend a month or two in Venezuela and you'll find plenty of qualified folks who have no steady job and are scraping by. How do you think people get into crime to begin with?
> how do you think people get into crime to begin with?
Lack of opportunity, lack of skills and lack of work ethic. As in it's easy to do, no barrier to entry and always available.
Most crimes don't actually pay very well and have poor return if you've got any sort of marketable skills. Armed robbery of a bank will get you on average $1200 and 15-20 years.
You seem to be arguing against a straw man. Nobody said software engineering is free money; I said that a software engineer with the knowledge, skills and tools necessary to find an exploit like this is definitely not starving. In pretty much every country in the world, someone with those skills will be better off than 90% of the population.
So many comments to this saying it's possible to be broke as a software developer. No one is arguing that. There are tons of people in every career path that don't make much due to a variety of reasons.
But pretending software development isn't a well paying career path, in general, is a statistically incorrect statement.
I'm very capable of finding exploits in what can only be described as terrible living conditions and I've done so while being categorically incapable of finding food anywhere. That's not the environment I live in today (and I'm happy about it), but it really doesn't require a nice warm home with a stable internet connection to find some glaring holes in an application.
Most software is made entirely free with no source of income. The job market for software is terrible, and those people work entirely separate jobs from it. Many program on a very minimum life expenditure.
Does that mean they automatically work for almost nothing? This is so different from what I’ve observed. I would love to see where people are getting this opinion from.
You replied to a claim about “most software” with a site that compares big tech companies, and only their US offices. The world is much bigger than your bubble.
Do you have any data that counters what I’m saying? I know people in other countries don’t make the same salaries but they are “mostly” doing pretty well for their region.
I gave some proof and I’m speaking from experience. I grant that my perspective may be biased so if there is any data to the contrary then I would love to be enlightened. My goal isn’t to point out if someone is wrong for the sake of it, I hope to teach, learn or both. This was such a shocking revelation to me that I was hoping for some data.
They can be when they try to live off of bug bounties alone.
There are a lot of young folks that try to make this their full time job after some success, then get into a dry spell. The panic robs them of the lateral thinking that brought them to the dance to begin with, and they get into spirals of ravenously hunting simple bugs that end up as dupes and out of scope.
> They can be when they try to live off of bug bounties alone.
I think that's the problem. You shouldn't be entirely dependent on bounty money, because sooner or later you will find a bug that is worth 10x or 1000x on the black market.
I have seen white hat bounty hunters go rogue in such situations and entirely blame it on the cheap ass companies that won't offer the "right" amount.
Nobody owes you anything, you are doing this mostly for fun. The bounty is just a bonus.
> Nobody owes you anything, you are doing this mostly for fun. The bounty is just a bonus.
That's missing a key point of the bounty system. Slack and its users are better off that this bug was 1: discovered and 2: responsibly reported. The bounty increases the number of eyes looking, but also incentivizes folks to look into weird crashes or fight through the drudgery of triaging odd behavior.
The bug value also shows how much Slack here values their security, and makes me wary of them if I was in the place to be a customer of theirs.
> The bug value also shows how much Slack here values their security, and makes me wary of them if I was in the place to be a customer of theirs.
Most directly it shows how they value a bug bounty program. There are companies that spend hundreds of millions of dollars per year and have thousands of people in their infosec program that don’t have bug bounty programs.
You can extrapolate that to how they value security but that’s not necessarily directly correlated.
> There are companies that spend hundreds of millions of dollars per year and have thousands of people in their infosec program that don’t have bug bounty programs.