Skip to main content

Ethical Hacking Proves More Lucrative Than Software Engineering for Some; Bounty Rewards No Longer #1 Motivation

Survey reveals 72% of hackers say organizations are more open to receiving vulnerability reports

SAN FRANCISCO-- January 17, 2018 --HackerOne, the leading hacker-powered security platform, today published its 2018 Hacker Report, from the largest survey ever conducted of the ethical hacker community. The report examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries.

The report revealed that, on average, top earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries; hackers in India are making as much as 16 times the median. And yet, the new data finds that overall hackers are less motivated by monetary gain, dropping from their first to fourth priority since 2016. Twenty-four percent of those surveyed have also donated bounty money to charity organizations like EFF, Red Cross, Doctors Without Borders, Save the Children and local animal shelters.

While ethical hacking is becoming increasingly mainstream, there are still hurdles to overcome. Ninety-four percent of the Forbes Global 2000 do not have a published vulnerability disclosure policy. As a result, nearly 1 in 4 hackers have not reported a vulnerability that they have found because the company didn’t have a channel to disclose it. However, 72 percent of hackers combined reported that companies are becoming more open to receiving vulnerabilities than they were before.

“Every day, hackers demonstrate the power of the community by reporting thousands of vulnerabilities to companies and government agencies to make the internet safer for us all,” said Marten Mickos, CEO, HackerOne. “We are blown away by the skills, the passion and integrity of these individuals showcased in this report. The work of the ethical hacker community is significantly reducing the risk of security breaches.”

Additional Hacker Report Key Findings:

  • A quarter of hackers rely on bounties for at least 50 percent of their annual income, and 14 percent say their bounties earned represents 90-100 percent of their annual income. About 12 percent of hackers on HackerOne make $20,000 or more annually from bug bounties, with over 3 percent making more than $100,000 per year and, 1 percent making over $350,000 annually.
  • Over 90 percent of all successful bug bounty hackers on HackerOne are under the age of 35. Overall, 45 percent of HackerOne hackers are between 18 and 24 years old.
  • 37 percent of hackers say they hack as a hobby in their spare time.

There’s no better time to be an ethical hacker. More than 1,000 organizations including, General Motors, GitHub, Lufthansa, Nintendo, Spotify, Starbucks, U.S. Department of Defense and more work with the global hacker community to find and fix security vulnerabilities fast.

This new data comes on the heels of HackerOne’s fastest-growing year, with 1,000 customer programs and more than $23M in bounties awarded to the hacker community. The company plans to pay over $100 million in rewards to hackers by 2020.

Hacker Report

The HackerOne 2018 Hacker Report surveyed 1,698 ethical hackers on the HackerOne platform. The report provides insight into the geography, demographics, skills and experience, tools used by hackers, hacker motivations, giving back to the hacker community and concerns for disclosing vulnerabilities. You can access the full report at