The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties

The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties

Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of $100 million in bounties over the past 8 years, with nearly half in the past year alone!

The road to $100 million has been exciting, surprising and, most of all, rewarding. Powering this number is an incredible community of more than three quarters of a million contributors who work relentlessly to defend the critical infrastructure of thousands of customer programs.

Let’s take a look at some of the numbers that have taken us to the $100 million milestone:

The amount of the first bounty earned from a report submitted by deepak194 to Verizon Media on Halloween 2013. Total pay-outs in October, 2013 totalled $30K. In April, 2020, it was a whopping $5.9 million!

The number of new hackers that sign up to the platform every 100 minutes. 43% of hackers are self taught, underscoring the importance of having a community and online resources.

The amount of bounties paid out on the platform every 100 minutes. In 2019 alone, hackers earned nearly $40 million in bounties, almost equal to the entire amount awarded in all prior years combined.

The number of reports submitted every 100 minutes. Over 170,000 vulnerabilities have been reported and fixed by hackers over the past seven years.

The number of hacker interactions every 100 minutes. Nearly 40% of hackers devote 20 hours or more per week to their search for vulnerabilities and 18% describe themselves as full-time hackers.

The number of bounties that were exactly $100. The average bounty on the HackerOne platform is $771.

The number of reports submitted by @todayisnew, the most reports submitted by a single hacker on the platform

The first bounty that was split by @fransrosen. Since then, many community contributors have worked together to overcome challenges creatively. Frans says about bug hunting “a bug bounty program becomes great when the reporter and the company interact with each other, treat each other as peers, communicate and collaborate to solve and come up with solutions together on how to mitigate the issues found completely. When companies treat the hackers as an extension to their own team, that's when you really get the benefit for both parties.”

The global average IT salary. 8 hackers have passed the $1 million earnings milestone with 13 more hitting $500,000 in lifetime earnings. 146 hackers have earned $100,000, up from 50 last year.&

Number of years @stefanofinding has been hacking. Stefano was the hacker who earned the final bounty to take the community over $100M in bounties earned.

“I started participating in bug bounty programs in December 2013 and it has been my main income since January 2014,” said Stefano. “HackerOne has played an important role in me being able to make a living out of it because most of the bounties I have received were through HackerOne. Reaching 100 million in bounties paid means that you are part of the stories and lives of people around the world, like mine. It makes me hopeful to think that there is a guy/gal in some remote country that finds HackerOne as a way to achieve his/her dreams, or as an escape from his/her reality, or at least as a way to make some extra money. This is good news for the ones starting out now and for the ones that have been participating since day one. Looking forward to the first billion!”

Over the past few years, the hacker community has represented a global force for good that has benefited thousands of companies. Hackers are here for good. Their reasons for hacking may vary, but the results are consistently impressing the growing ranks of organizations embracing hackers through crowdsourced security. So a BIG thank you to our hackers for continuing to work with us to secure the internet. We can’t wait to see how fast we’ll reach the next $100 million!

The Ultimate Guide to Managing Ethical and Security Risks in AI

AI Ebook