Bug Bounties and Mental Health

About Me

Hi, I’m Nathan, and I’m a (now) full-time bug bounty hunter. Since 2015 I’ve been participating in bug bounty programs and I’ve earned tens of thousands of dollars in rewards. I’ve worked with some amazing companies and found some really neat bugs, and I’ve also completely burned out and gone months without even attempting to find a vulnerability. Having heard similar stories from other bounty hunters, I wanted to share my personal experiences in the hope someone will benefit.

The Sell

Bug bounties are a great way to make money. Google, Facebook, PayPal, Imgur, Uber, and many more companies give monetary rewards for valid vulnerability reports. What’s not to love?!

But It’s Not All Plain Sailing

Bug bounty programs have their downsides too. It’s a highly competitive scene. You can feel pretty down when you discover someone reported the same vulnerability a day, a week, or a month before. If the team is slow to fix bugs then they’re more likely to get duplicate reports, and it can feel like time wasted for everyone.


Self Care Is Important

How you approach bug bounties can have a big effect on how stressful you find it and how fast and often you burn out. As bounty hunters, we want to find vulnerabilities, and the more pressure we put on ourselves, the worse our mental health is going to suffer.

Final Thoughts

My experience is going to be different from yours, and no two hunters are the same. Find what works well for you, but look after yourself at the same time. It’s okay to not find bugs. It’s okay to not understand a certain technique. That’s just a part of the job. It’s not okay to overwork yourself and sacrifice your mental health for additional stressful. You will find a bug. There always will be bugs. You can absolutely do this. More importantly, you need to look after yourself, and I definitely do too.



