We are in the age of the hacker. Never before has there been more opportunities to learn, more tools, more welcoming companies and more money up for grabs. At the end of last year, we tapped into our community of ethical hackers to better understand how they like to work, what’s most important to them and what needs to change. Today, we are excited to share The Hacker Report, the largest survey ever conducted of the ethical hacking community with 1,698 respondents.
Hackers are a vital component of the Internet’s immune system. Without them, we would be seeing far more breaches than we see now. With them, we’re all better off. The full report is available here and includes a dossier showcasing the charitable, curious, communal nature of the hacker community.
In the meantime, here are a few key findings:
Money paid in bounties by country (left) compared to money awarded to hackers by country (right):
Visualization of the Bounties by Geography showing on the left where the companies paying bounties are located and on the right where hackers receiving bounties are located. Special credit to Allen Householder for inspiring this graph.
Bug bounties can be life changing for some hackers. On average, top earning researchers make 2.7 times the median salary of a software engineer in their home country.
Median annual wage of a “software engineer” was derived from PayScale for each region. The multiplier was found by dividing the upper range of bounty earners on HackerOne for the region by the median annual wage of a software engineer for the related region.
Money remains a top reason for why bug bounty hackers hack, but it’s fallen from first place to fourth place compared to 2016.
Thank you to all our hackers for consistently defending sensitive data on the Internet, and thank you to all those that contributed to our 2017 Hacker Survey. Security wouldn’t be possible without you. Together we hit harder!
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.