Ethical Hackers Have Earned $100m

Uploaded on 2020-06-01 in TECHNOLOGY--Hackers, FREE TO VIEW

Bug bounty platform HackerOne has recently announced that it has paid out $100,000,000 in rewards to white-hat hackers around the world at the end of May 2020. Since it started delivering vulnerability reports to its customers, HackerOne bug bounty hunters have found roughly 170,000 security vulnerabilities according to the company's CEO Mårten Mickos.

Freelance elite hackers can make more than $500,000 a year searching for security flaws and reporting those issues at big companies like Tesla and organizations like the US Department of Defense, according to new data released by ethical hacking platform Bugcrowd.

The company, founded in 2012, is one of a handful of so-called “bug bounty” firms that provide a platform for hackers to safely chase security flaws at companies that want to be tested.

Hackers work on a clearly defined contract for a specific company and get paid a bounty when they are able to find a flaw in a company’s infrastructure. How much they’re paid depends on how serious the problem is. Over 700,000 ethical hackers are now using the bug bounty platform to get paid for security bugs in the products of more than 1,900 HackerOne customers.

The total amount of rewards paid to hackers has grown from $10 million between 2014 and 2016, to $30 million between 2017 and 2019, and reached $50 million between Q2 2019 and Q2 2020. 

During 2018 alone, the 300,000 hackers who are part of the bug bounty program earned a combined $19 million in bounties, nearly as much as the platform has awarded in all of the company's previous years combined. 12% of hackers using HackerOne to report security vulnerabilities make over $20,000 each year only from bug bounties, while 1,1% will get rewards worth more than $350,000 annually and 3% being paid over $100,000 per year. It took 5 years to get to $20m in bounties paid.

8 White-Hat Hackers Have Become Millionaires

According to a survey, since enrolled on HackerOne's platform from two years ago, top hackers will earn on average 2.7 times more money in rewards than a software engineer's average salary in the same country. In August 2019 HackerOne also announced that eight of the hackers using its platforms have become millionaires. 

 "As a result of their creativity and tenacity, we predict hackers will have earned $1 billion in bug bounties within five years, protecting companies and governments alike from persistent and ephemeral threats," Maretn Mickos told Bleeping Computer.

To protect against cyberattacks, companies have been using a range of methods to allow people with hacking skills to test their defenses. Some companies use in-house penetration testers, often putting them on so-called red teams to play the role of a malicious collective trying take down corporate servers or steal information.

CNBC:     Bleeping Computer:      Secure World Expo:       

You Might Also Read: 

Young Hacker Makes $1m. Legally.

If you would like more specific information about how you can improve your business cyber security, please contact Cyber Security Intelligence and we will recommend the right solutions for you and your work. 

 

 

 

« PIN Authentication Significantly Reduces Cyber Attacks & Data Breaches
British Government Thinking Again About Huawei »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service - basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

M6iT Consulting

M6iT Consulting

M6iT Consulting is an industry-leading solution partner managing the IT requirements for a full range of companies.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.