Bug bounty hunters help patch flaws in software, but bad actors are always in the hunt for their

next exploit and the payoff can be big.

From American public media, this is Marketplace Tech. I'm Lily Dramale. The many lines of software code that run so much of our digital lives are riddled with bugs.

That's why we're asked pretty routinely to update software across the devices that we use.

There is, however, a kind of bug that keeps cybersecurity defenders up at night, perhaps more than any other. It's the vulnerability

that's unknown even to the people who wrote and manage the code. Zero Day in

hackerspeak. Companies and organizations spend a lot of time, effort, and money trying to get out in front of

this ilk of cyber attack.

Hot Zero Day summer, as Wired magazine called this past one, bled into fall with Apple, Google,

and Microsoft announcing several recent patches to manage vulnerabilities that could have been exploited.

But owners of the code don't always get there first,

as when a Russian ransomware group successfully stole data

from some 60 million users of a popular file sharing service by exploiting a zero-day flaw.

Dina Temple Rastin is the host of the Click Here Podcast and has more on why the known unknown is such a problem.

Dustin Childs works in Threat Awareness at Trend Micro.

It's an American IT security company.

And he's a bug bounty hunter.

We buy bugs at Microsoft Bugs, Apple Bugs, Trend Micro, Google.

Bugs have vulnerabilities in software code, and Childs buys them so he can help companies patch those holes.

Depending on the type of bug it could be worth $150 and depending on where it's sold it could be worth up to $15 million.

Child's Bug bounty program is all legal and above board, but there are dark web

marketplaces that sell them too. They sell everything from little bugs to the big white

...