A Melbourne man has become one of six to earn more than US$1 million from bug bounty programs, vulnerability-finding platform HackerOne announced.
Nathaniel Wakelam, who currently works as the chief information security officer at Gravity, has been reporting bugs via HackerOne for six years, earning a steady stream of rewards in the process.
The list of organisations that Wakelam has reported vulnerabilities to includes well-known names such as Verizon Media, the US Department of Defence, Snapchat, and General Motors.
Santiago Lopez, a 19-year-old from Argentina, was the first to earn US$1 million through bug bounties in March this year, HackerOne said.
"When I first started, the industry was in its infancy. Only a handful of companies invited hackers to find and share vulnerabilities," Wakelam said.
"Six years later - the space has changed dramatically. Bug bounties have given me the flexibility to work from anywhere in the world, forged connections with people within an industry that I respect, created a secondary income stream within my own life, and allowed me the opportunity to branch out and pursue other business ventures," he added.
Wakelam and fellow researcher Shubham Shah have published tools to help bug hunters to be more productive with their reports.
Briton Mark Litchfield, Frans Rosen from Sweden, Hong Konger Ron Chan, and Tommy DeVoss from the United States have also become members of the million-dollar bug bounty club via HackerOne.
So far, HackerOne says hackers working under its program have helped find over 130,000 vulnerabilities, earning over US$64 million in bug bounties.
Cross-site scripting remains the most common vulnerability reported, HackerOne says.