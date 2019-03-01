HackerOne,
the leading hacker-powered security platform, today announced findings
from the 2019
Hacker Report, which reveals the hacker community has doubled year
over year and has earned $19 million in bounties, nearly matching the
total bounties paid to hackers in the previous six years combined. The
annual report is a benchmark study of the bug bounty and vulnerability
disclosure ecosystem, celebrating hackers’ motivations, education and
training, favorite tools, attack surfaces, finances, collaboration, and
more.
The report highlights the hackers located in more than 150 countries
around the world that are responsible for reporting more than 93,000
resolved security vulnerabilities and earning $42 million earned in bug
bounties as of 2018. While India, the United States, Russia, Pakistan,
and the United Kingdom are the top locations where hackers reside,
representing over 51% of all hackers in the HackerOne community, six
African countries had first-time hacker participation in 2018. Hackers
from India and the U.S. alone account for 30% of the total community.
That is a shift from 2018 when those two countries claimed 43%,
demonstrating increasing globalization amongst its members.
This globalization is in part due to the opportunities created by
hacker-powered security. Top earners on HackerOne are making up to 40
times the median annual wage of a software engineer in their home
countries, including HackerOne’s first hacker to surpass $1 million in
bounties earned for helping companies become more secure. Some hackers
have been awarded $100,000 for one critical vulnerability, and dozens of
customers in the past year have hired hackers they met through their
programs. Submitted bug reports, personal interactions and public
HackerOne profile activity is a bellwether for hiring decisions — a
practice encouraged and championed within HackerOne.
“The perception of hackers is changing,” said Luke Tucker, Senior
Director of Community and Content. “With the frequency of cyber attacks
swelling to new highs, companies and government organizations are
realizing that in order to protect themselves online, they need an army
of highly skilled and creative individuals on their side — hackers. As
more organizations embrace the hacker community, the safer customers and
citizens become.”
In fact, the image of hackers has evolved. Nearly two thirds of
Americans (64%) today recognize that not all hackers act maliciously.
As such, the interest in joining the hacker community is growing, but
the motivation to join is not solely centered around bounties. Nearly
three-times as many hackers (40.52%) begin hacking to learn and
contribute to their career and personal growth, and nearly as many hack
to have fun (13.53%) as those who do it for the money (14.26%). With
each new company and government agency joining HackerOne every day —
such as the U.S. Department of Defense, General Motors, Alibaba, Goldman
Sachs, Toyota, IBM and more — comes curiosity and a genuine desire to
help the internet become more secure (9.31%).
The full report is available at https://www.hackerone.com/resources/the-2019-hacker-report.
Methodology
Data collected from HackerOne Platform, survey data in December 2018,
and survey of U.S. adults in January 2019 totalling over 3,667
respondents from over 100 countries and territories. The HackerOne
platform surveyed individuals have all successfully reported one or more
valid security vulnerabilities on HackerOne, as indicated by the
organization that received the vulnerability report. Additional findings
were collected from the HackerOne platform using HackerOne’s proprietary
data based on over 1,300 collective bug bounty and vulnerability
disclosure programs.
