Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Hackers congress in Hamburg. Photo: Patrick Lux/Getty

Amid a gaping shortage of skilled cybersecurity hands, a cottage industry has sprung up to fill the demand, with some of the biggest U.S. companies and agencies paying freelance bounties for detecting website vulnerabilities.

What's going on: There are currently some 301,000 cyber industry openings in the U.S., according to Cyber Seek, a firm seeking to close the shortage, forcing unorthodox solutions on the most strategically important employers.

Their target is not college graduates, but simply to lure reliable hackers, or "white hats," out of dark chatrooms and into respectable employ.

  • Websites like Bugcrowd and HackerOne are the Indeeds of this world, reports MIT Tech Review's Martin Giles.
  • Both sites feature "bug bounties" — cash rewards for finding website vulnerabilities.
  • Among those paying bounties: Airbnb, the Pentagon, GM, Lufthansa, and Starbucks, says HackerOne.

Despite the shortage, the pay appears to be generally mediocre or low, the same malady afflicting job categories across the U.S. and European economies.

  • Finding bugs pays in glory more often than in cash, like swag and tours of the U.S. Capitol, writes Tech Review's Erin Winick.
  • In a case study at HackerOne, Shopify said that as of March 15, it had used bounties to resolve 759 bug reports, "thanked" more than 300 hackers, and paid out more than $850,000 in bounties. If all were paid, that comes to about $1,100 per bug report, although in one case, Shopify said, it paid a hacker named @cache-money $15,250 for exposing a critical bug.
  • A Philippine bug hunter profiled by Tech Review earns well under $1,000 a month. At HackerOne, 3% of registered users earn more than $100,000 a year, while 12% earn $20,000 or more.

Go deeper: In February, No Starch Press will publish a how-to book called Real-World Bug Hunting, by Peter Yaworski, subtitled "A Field Guide to Web Hacking."

Go deeper

3 hours ago - Health

Food banks feel the strain without holiday volunteers

People wait in line at Food Bank Community Kitchen on Nov. 25 in New York City. Photo: Michael Loccisano/Getty Images for Food Bank For New York City

America's food banks are sounding the alarm during this unprecedented holiday season.

The big picture: Soup kitchens and charities, usually brimming with holiday volunteers, are getting far less help.

5 hours ago - Health

AstraZeneca CEO: "We need to do an additional study" on COVID vaccine

Photo: Pavlo Gonchar/SOPA Images/LightRocket via Getty Images

AstraZeneca CEO Pascal Soriot said on Thursday the company is likely to start a new global trial to measure how effective its coronavirus vaccine is, Bloomberg reports.

Why it matters: Following Phase 3 trials, Oxford and AstraZeneca said their vaccine was 90% effective in people who got a half dose followed by a full dose, and 62% effective in people who got two full doses.

Updated 7 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Coronavirus cases rose 10% in the week before Thanksgiving.
  2. Politics: Supreme Court backs religious groups on New York coronavirus restrictions.
  3. World: Expert says COVID vaccine likely won't be available in Africa until Q2 of 2021 — Europeans extend lockdowns.
  4. Economy: The winners and losers of the COVID holiday season.
  5. Education: National standardized tests delayed until 2022.