Ethical hackers or how to make money by legally discovering vulnerabilities in computer systems

It is known as Bug Bounty and is an agreement between companies and cybersecurity experts so that they can discover security gaps in web or mobile applications, for example, in exchange for financial remuneration.

FuenlabradaThere are those who do it as a game or because they simply want to improve their computer skills, but others become ethical 'hackers', 'good' hackers, and earn significant income this way. Currently, many large companies submit, in an agreed manner, under certain rules, their new information systems or online products so that an ethical 'hacker' can search for vulnerabilities, and thus perfect their creation. In exchange, these hackers receive financial compensation. “It's a 'win-win', as they say, because everyone wins, but always adjusting to agreed rules, otherwise we would be talking about something illegal,” says Raúl Martín Santamaría, professor and researcher at the URJC.

In fact, he explains, in cybersecurity studies skills are taught to detect vulnerabilities and security gaps, but “effectively and legally.” It is usually used to detect, above all, vulnerabilities in web or mobile applications, and in fact in Spain “we have very good experts in this field,” he says. In fact, the Spanish team of computer experts won the Ambassador World Cup 2023, something like the world championship of ethical hackers.

Martín also talks about another field for these 'hackers', such as the competitions organized by companies, or sometimes, public organizations such as the Civil Guard, with the National Cybersecurity League, or the National Cryptology Center, all with the aim of attracting talents.