For today’s article, let us acknowledge fifteen famous and 1337 bug bounty hunters who have been the talk of the web. This list does not enumerate all the top bug bounty hunters on the top crowdsourcing platforms like Bugcrowd, HackerOne and Cobalt (formerly Crowdcurity), but people who have proven to be worthy of their contribution and have embodied the true hacker culture – although some people who have topped the leaderboards will also be included. The goal is not to list people who topped the leaderboard in bug bounty programs just because of the number of vulnerabilities they submitted, which could be inaccurate. This is in honor of Bugcrowd’s “State of Bug Bounty” PDF report.

Bugcrowd’s “The State of Bug Bounty” reports:

A self-employed “security researcher” based in Pakistan was the most prolific submitter overall with a submission count of 1,094—nearly three times that of the points leader and nearly four times that of the top paid researcher. This is especially noteworthy given his first submission wasn’t until February 18, 2014—roughly a year later than the points and rewards leaders. While his 1,094 submissions make him the top submitter out of the entire research community, a well below average priority rating of 4.42 and a very low total average reward per valid submission of $20.54 make this researcher very noisy. These figures suggest that this researcher uses a shotgun approach for finding and submitting bugs, even if the issues found end up being flagged as invalid bugs. Further proving this hypothesis is the fact that this researcher possesses an extremely low 4% acceptance rate for his submissions. Given these figures, one might come to the conclusion that this researcher puts a higher value on submission count notoriety over rewards—with 120 Hall of Fame entries, it would be hard to argue this point. So, while very proactive and active, simply put, this researcher submits things that aren’t as valuable as other researchers’ submissions.
The top, in this case, is far noisier than signal desired.

Names are not arranged according to their ranking. Alright, let’s start! Drum roll please…
Stéphane Chazelas
Rafay Baloch
Frans Rosén
Jason Haddix
Nir Goldshager
Roy Castillo
Emily Stark
Bitquark
Don A. Bailey
Neal Poole
JungHoon Lee
Avram Marius Gabriel
Mazin Ahmed
Mohamed Ramadan
Shubham Shah
Reference: State of Bug Bounty – https://pages.bugcrowd.com/rs/601-RSA-253/images/state-of-bug-bounty-08-2015.pdf