johnk

How Hackers Spend Their Bounties


Over $24 million in bounties in five years. A goal of $100 million by the end of 2020. That’s a lot of money. But what kind of impact does that kind of money have on the world’s economies? What kind of opportunities does it present? In India, home to the largest population of hackers on our platform outside of the U.S., hackers earn up to 16 times the salary of an average software engineer in their home country.

At our poolside h1-702 live-hacking event in Las Vegas, we asked some of our top hackers how they spend their bounty earnings. Responses varied: saving money for college, buying a family car, helping their parents purchase a home, headphones, snowblowers, and more.

Here’s what they shared, in their own words:

ibram

“One of the things that I did with my bounty money was helping my parents buy a house when I first came to the U.S., so that’s probably the biggest thing I’ve done with bounty money.”
@Ibram (Ibram Marzouk)

teknogeek

“Favorite purchase would probably be binary ninja. It’s one of my favorite pieces of software. I use it all the time to disassemble things and take them apart to figure out how they work.”
@teknogeek (Joel Margolis)

smiegles

“Favorite purchase...my Bose QuietComfort 35 Headphones. It’s the best. It’s saving my ears a lot of frustration.”
@smiegles (Olivier Beg)

cablej

“To be honest, I haven’t really spent any of it. I’m saving it all for college.”
@cablej (Jack Cable)

try_to_hack

“My favorite purchase with my bounty money was my car.”
@try_to_hack (Santiago Lopez)

zlz

“The most meaningful purchase I made with bounty money is actually a car. For a really long time it was just one car in our house of three, and I really don’t come from a wealthy background. We kinda shared one car between all of us -- my brother is 24, my mom is...I don’t want to say her age -- but she’s working and everyone is working really hard around the house, but it was really an issue trying to find a way to get around for everyone’s jobs, so when I got into bug bounty I said, I’m going to get a car that everyone can use and I think it really helped.”
@zlz (Sam Curry)

thedawgyg

“I went to Aruba.”
@thedawgyg (Tommy DeVoss)

ddworken

“The most meaningful result of a bounty for me was actually one from Starterbox where there was some, out of miscommunication where they thought something was a bug and it ended up not being a bug. So then I talked to them we actually just decided to donate the bounty that they had already awarded to the EFF.” 
@ddworken (David Dworken)

fransrosen

“A lot of my money actually goes into hiring people. I have a venture firm financing companies through bug bounties...I give the opportunity to people to get work and create a family and stuff.” 
@fransrosen (Frans Rosén)

yaworsk

“Maybe it’s not the most exciting, but the very first most memorable purchase that I made that popped into my head was...this is going to show my Canadian roots...was a snowblower. That’s truthfully the first thing I thought of when I thought about bug bounty spending. The snow blower and then maybe the Xbox after that. I haven’t spent a lot of it.”
@yaworsk (Pete Yaworski)

Responsible disclosure and bug bounties are game-changing for the security of companies, and have proven to be life-changing for many in the hacker community. 

Check out the full infographic on how hackers are spending their bounties here. We also just published The Hacker Report, with stats and survey data from our hacker community, including that 25% of hackers have donated bounty money to charity. Follow the conversation on Twitter.

 

