Bug Bounty Hunters are individuals who set out to find bugs and vulnerabilities in software, programs, or security systems. Such persons report the bugs they’ve discovered, and the company rewards them for their efforts. Receiving these reports of the bugs at the right moment helps companies secure the loopholes which could have been used by hackers to enter into their system and potentially cause great damage.

Following is the list of top 10 famous bug bounty hunters of all time:

1. Frans Rosén


Mr. Rosen is the founder of Detectify and came into limelight when he discovered a flash based-XSS vulnerability in Mega. He was handsomely rewarded for his find He has been consistent in finding and reporting various bugs in the security systems of various companies.

2. Rafay Baloch


This Pakistani security researcher is responsible for finding a remote code execution vulnerability in Paypal, an online transaction website, which landed him a job as well a reward of $10,000. He also discovered Android Stock Browser Address Bar Spoofing which could have a serious impact on Lollipop and below android versions.

3. Stephane Chazela


He earned a whopping sum of $20,000 as a reward for finding Shellshock in Hackerone. Stephane is also credited with the discovery of the GNU Bourne-Again Shell (Bash) Shellshock Vulnerability. He is currently associated with Free Software/Open Source and Unix communities and continues to contribute to the security of the cyber space.

4. Neal Poole


Neal landed a job as Facebook’s security engineer because of his continuous reporting of various security bugs in the Facebook system. Apart from being the security engineer, he also contributes to the Product Security Team.

5. Roy Castillo


He is the man responsible for the reporting of stored XSS I Gmail as well as in iOS. He also reported a bug which could expose the primary email address on Facebook. This Filipino once exploited the XSS vulnerability in Facebook which allowed outsiders to add scripts to web pages.

6. Emily Stark


Prior to joining as a software engineer on the Google Chrome Security Team, she used to be a core developer at Meteor. She participated frequently in a lot of crowdsourcing security platforms.

7. Bitquark


Formerly ranked as the numero-uno in the list of top bug bounty hunters, he, now, discloses a lot of security bugs on his blog bitquark.co.uk. He has been rewarded a whopping sum of $13,034.80, by Google, for discovering 5 security bugs onto their system.

8. Don A. Bailey


He is known for reporting a memory corruption on LZ4 software for which he was rewarded with $6000. His security researches have featured on almost every news biggies such as BBC, Reuters, CNN, to name a few.  He is the founder of Lab Mouse Security, an IoT technology start-up.

9. Shubham Shah


Based in Australia, he is currently employed by Bishop Fix as a security analyst. At the age of 16, he was able to bypass Facebook’s, Google’s, Yahoo’s (to name a few) 2-Factor-Authentication (2FA), for which he gained a lot of limelight.  He is listed in Paypal’s whitehat hall of fame.

10. Mazin Ahmed


The owner of blog.mazinahmed.net keeps his blog updated with vulnerabilities on various online platforms. He is best known for finding Facebook Messenger’s Multiple CSRF vulnerability. Pwniw Awards 2015 has nominated him under the category ‘Pwnie for Best Client-Side Bug’. His research on W3 Total Cache’s Vulnerability That Leads to Full Deface has garnered the attention of the entire cyber world upon him.


The work of a bug bounty hunter in today’s world is as significant as the military operations being carried out on your country’s border. Without them, a lot of security loopholes would persist, leading to a breach of our security and privacy on a daily basis. Recognizing the contribution a bug bounty hunter makes to the world and to the practice of cybersecurity is a small gesture from our team.