Stephanie Sum

Hackers earned $19 million in bug bounties on HackerOne in 2018; Hacker community surpasses 300,000 with more than 600 hackers registering any given day

SAN FRANCISCO-- March 1, 2019 --HackerOne, the leading hacker-powered security platform, today announced findings from the 2019 Hacker Report, which reveals the hacker community has doubled year over year and has earned $19 million in bounties, nearly matching the total bounties paid to hackers in the previous six years combined. The annual report is a benchmark study of the bug bounty and vulnerability disclosure ecosystem, celebrating hackers’ motivations, education and training, favorite tools, attack surfaces, finances, collaboration, and more.

The report highlights the hackers located in more than 150 countries around the world that are responsible for reporting more than 93,000 resolved security vulnerabilities and earning $42 million earned in bug bounties as of 2018. While India, the United States, Russia, Pakistan, and the United Kingdom are the top locations where hackers reside, representing over 51% of all hackers in the HackerOne community, six African countries had first-time hacker participation in 2018. Hackers from India and the U.S. alone account for 30% of the total community. That is a shift from 2018 when those two countries claimed 43%, demonstrating increasing globalization amongst its members.

This globalization is in part due to the opportunities created by hacker-powered security. Top earners on HackerOne are making up to 40 times the median annual wage of a software engineer in their home countries, including HackerOne’s first hacker to surpass $1 million in bounties earned for helping companies become more secure. Some hackers have been awarded $100,000 for one critical vulnerability, and dozens of customers in the past year have hired hackers they met through their programs. Submitted bug reports, personal interactions and public HackerOne profile activity is a bellwether for hiring decisions — a practice encouraged and championed within HackerOne.

“The perception of hackers is changing,” said Luke Tucker, Senior Director of Community and Content. “With the frequency of cyber attacks swelling to new highs, companies and government organizations are realizing that in order to protect themselves online, they need an army of highly skilled and creative individuals on their side — hackers. As more organizations embrace the hacker community, the safer customers and citizens become.”

In fact, the image of hackers has evolved. Nearly two thirds of Americans (64%) today recognize that not all hackers act maliciously.

As such, the interest in joining the hacker community is growing, but the motivation to join is not solely centered around bounties. Nearly three-times as many hackers (40.52%) begin hacking to learn and contribute to their career and personal growth, and nearly as many hack to have fun (13.53%) as those who do it for the money (14.26%). With each new company and government agency joining HackerOne every day — such as the U.S. Department of Defense, General Motors, Alibaba, Goldman Sachs, Toyota, IBM and more — comes curiosity and a genuine desire to help the internet become more secure (9.31%).

The full report is available at https://www.hackerone.com/resources/the-2019-hacker-report.

Methodology

Data collected from HackerOne Platform, survey data in December 2018, and survey of U.S. adults in January 2019 totalling over 3,667 respondents from over 100 countries and territories. The HackerOne platform surveyed individuals have all successfully reported one or more valid security vulnerabilities on HackerOne, as indicated by the organization that received the vulnerability report. Additional findings were collected from the HackerOne platform using HackerOne’s proprietary data based on over 1,300 collective bug bounty and vulnerability disclosure programs.