Bug bounty programs continue to grow as businesses and even federal governments seek out the help of white hat hackers to find vulnerabilities in their software.
The bug bounty platform HackerOne, which helps connect companies to ethical hackers, has grown to include a community of 600,000 white hackers who managed to cash in a record $40m in bounties over the past 12 months according to its annual report on the state of ethical hacking.
HackerOne has grown exponentially since its launch in 2012 and the money earned in bounties last year was almost equal to the entire amount it has awarded in all previous years combined. The platform has paid out a grand total of $82m to hackers who were able to successfully detect over 150,000 vulnerabilities.
- HackerOne pays up after data incident
- Google paid out millions in bug bounties last year
- Apple ups bug bounty rewards in security push
Individual cash prizes have increased as well and while HackerOne paid out its first $1m bounty in 2018, last year it paid out the same amount to seven different hackers. At the same time, the number of hackers who earned $100,000 in bounties has almost tripled since 2018 to reach 146. According to HackerOne's latest report, the potential earnings power of a career in hacking is higher than the global average IT salary of $89,732.
HackerOne's annual report also shed light on how businesses and even government agencies have turned to ethical hackers to improve their security, saying:
“Leading organizations including the U.S. Department of Defense, Goldman Sachs, Shopify, Facebook, have recognized hackers’ enormous potential to do good. Dozens of companies in the past year have hired from within the community, utilizing submitted bug reports, personal interactions and public HackerOne profile activity as a bellwether for hiring decisions — a practice encouraged and championed within HackerOne.”
In fact, governments and government agencies had the strongest year-over-year growth at 214 percent when it came to hiring hackers to find bugs in their software and platforms. The US Department of Defense runs several programs in partnership with HackerOne including Hack the Pentagon, Hack the Army and Hack the Air Force. The European Commission is also working with the ethical hacking platform and together two have launched a number of bug bounty programs as part of its Free and Open Source Software Auditing (FOSSA) project.
One of the main reasons businesses and governments have grown more interested in employing ethical hackers is due to the cybersecurity skills gap. According to HackerOne's report, the unemployment rate for trained cybersecurity professionals is at zero percent which suggests that the demand for these workers far outweighs the supply.
Expect businesses and governments to continue to seek out the help of ethical hackers while HackerOne will likely pay out even more in bug bounties next year.
- We've also highlighted the best antivirus software