Hackers congress in Hamburg. Photo: Patrick Lux/Getty

Amid a gaping shortage of skilled cybersecurity hands, a cottage industry has sprung up to fill the demand, with some of the biggest U.S. companies and agencies paying freelance bounties for detecting website vulnerabilities.

What's going on: There are currently some 301,000 cyber industry openings in the U.S., according to Cyber Seek, a firm seeking to close the shortage, forcing unorthodox solutions on the most strategically important employers.

Their target is not college graduates, but simply to lure reliable hackers, or "white hats," out of dark chatrooms and into respectable employ.

  • Websites like Bugcrowd and HackerOne are the Indeeds of this world, reports MIT Tech Review's Martin Giles.
  • Both sites feature "bug bounties" — cash rewards for finding website vulnerabilities.
  • Among those paying bounties: Airbnb, the Pentagon, GM, Lufthansa, and Starbucks, says HackerOne.

Despite the shortage, the pay appears to be generally mediocre or low, the same malady afflicting job categories across the U.S. and European economies.

  • Finding bugs pays in glory more often than in cash, like swag and tours of the U.S. Capitol, writes Tech Review's Erin Winick.
  • In a case study at HackerOne, Shopify said that as of March 15, it had used bounties to resolve 759 bug reports, "thanked" more than 300 hackers, and paid out more than $850,000 in bounties. If all were paid, that comes to about $1,100 per bug report, although in one case, Shopify said, it paid a hacker named @cache-money $15,250 for exposing a critical bug.
  • A Philippine bug hunter profiled by Tech Review earns well under $1,000 a month. At HackerOne, 3% of registered users earn more than $100,000 a year, while 12% earn $20,000 or more.

Go deeper: In February, No Starch Press will publish a how-to book called Real-World Bug Hunting, by Peter Yaworski, subtitled "A Field Guide to Web Hacking."

Go deeper

Updated 1 hour ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 12 p.m. ET: 10,920,457 — Total deaths: 522,385 — Total recoveries — 5,789,032Map.
  2. U.S.: Total confirmed cases as of 12 p.m. ET: 2,753,754 — Total deaths: 128,871 — Total recoveries: 781,970 — Total tested: 33,462,181Map.
  3. Public health: The states where face coverings are mandatory Fauci says it has been a "very disturbing week" for the spread of the coronavirus in the U.S.
  4. Business: Top business leaders urge the White House to develop mandatory mask guidelines.
  5. Economy: The economy may recover just quickly enough to kill political interest in more stimulus.
  6. States: Florida reports more than 10,000 new coronavirus cases, and its most-infected county issues curfew.
2 hours ago - Sports

Washington Redskins to review team name amid public pressure

Photo: Patrick McDermott/Getty Images

The Washington Redskins have announced they will be conducting a review of the team's name after mounting pressure from the public and corporate sponsors.

Why it matters: This review is the first formal step the Redskins are taking since the debate surrounding the name first began. It comes after weeks of discussions between the team and the NFL, the team said.

Scoop: Instacart raises another $100 million

Illustration: Sarah Grillo/Axios Visuals

Grocery delivery company Instacart has raised $100 million in new funding, on top of the $225 million it announced last month, the company tells Axios. This brings its valuation to $13.8 billion.

Why it matters: This funding comes at what could be an inflection point for Instacart, as customers it acquired during coronavirus lockdowns decide whether they want to continue with the service or resume in-person grocery shopping.