Aditi Singh, a 20-year-old ethical hacker from India, has won a prize of $30,000 for finding a bug in Microsoft’s Azure cloud system. Just two months ago, she discovered a similar bug in Facebook and was awarded US$7,500 for it.
Aditi works as a professional bug hunter, someone who scours the web and examines systems for faults or defects through which hackers can get in. These experts are awarded cash every time they hunt down a bug.
“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” says Aditi, who was the first to detect the remote code execution (RCE) bug. She said the tech behemoth took two months to respond because it was investigating whether anybody had downloaded its vulnerable version.
Aditi advises that before starting to look for a bug, people should ask the firm's support team whether it runs a bounty program; if the company confirms that it does, bounty hunters should go ahead.
Bug bounty hunters are generally certified cybersecurity experts or security researchers who crawl the web and scan systems for bugs or flaws through which hackers could get in, and who alert the companies concerned. If they are successful, they are compensated with cash.
Speaking about the RCE bug detected in Facebook and Microsoft, Aditi explains that the developers wrote the code directly when they should first have downloaded Node Package Manager (NPM), which is a subsidiary of GitHub where anyone can find code from these organizations, as it is open source. “Developers should write code only after they have the NPM,” she says.
Aditi has discovered several bugs so far. She found defects in the products of firms such as Paytm, Tic Tac, Facebook, HP, and Mozilla and reported them to those companies.