HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries.
HackerOne found that, on average, top-earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries, and hackers in India are making as much as 16 times the median. And yet the new data finds that hackers overall are less motivated by monetary gain, which has dropped from their first to their fourth priority since 2016.
Ethical hacking goes mainstream
While ethical hacking is becoming increasingly mainstream, there are still hurdles to overcome. Ninety-four percent of the Forbes Global 2000 do not have a published vulnerability disclosure policy. As a result, nearly 1 in 4 hackers have not reported a vulnerability that they have found because the company didn’t have a channel to disclose it. However, 72 percent of hackers combined reported that companies are becoming more open to receiving vulnerabilities than they were before.
“Every day, hackers demonstrate the power of the community by reporting thousands of vulnerabilities to companies and government agencies to make the internet safer for us all,” said Marten Mickos, CEO, HackerOne. “We are blown away by the skills, the passion and integrity of these individuals showcased in this report. The work of the ethical hacker community is significantly reducing the risk of security breaches.”
- A quarter of hackers rely on bounties for at least 50 percent of their annual income, and 14 percent say the bounties they earn represent 90-100 percent of their annual income. About 12 percent of hackers on HackerOne make $20,000 or more annually from bug bounties, with over 3 percent making more than $100,000 per year and 1 percent making over $350,000 annually.
- Over 90 percent of all successful bug bounty hackers on HackerOne are under the age of 35. Overall, 45 percent of HackerOne hackers are between 18 and 24 years old.
- 37 percent of hackers say they hack as a hobby in their spare time.
Working alone, learning from others
While about a third of hackers (30.6%) prefer working alone, 31.3% of hackers like to read other hackers’ blogs and publicly disclosed vulnerability results to learn from them. Thirteen percent of hackers sometimes work with their peers, 9% regularly work with other hackers, 8.7% of hackers serve as mentors or mentees to other hackers and 7.1% have filed at least one bug report with other hackers as part of a team.
There’s no better time to be an ethical hacker. More than 1,000 organizations, including General Motors, GitHub, Lufthansa, Nintendo, Spotify, Starbucks, the U.S. Department of Defense and more, work with the global hacker community to find and fix security vulnerabilities fast.