US$100m paid in bug bounties to white-hat hackers

News by SC Staff

Ethical hackers on the HackerOne platform are reported to have earned a cumulative US$100 million (£82 million) finding and reporting vulnerabilities through bug bounty programmes for customers including Uber, Slack and Goldman Sachs.

The payments are clearly accelerating, with US$40 million (£33 million) paid in 2019 alone. More than 140 hackers working via HackerOne have earned over US$100,000 (£82,000) in total, 50 of them passing that mark this year. Some 84 hackers join the platform every hour, and an average of 24 vulnerabilities are reported in the same time frame, with 170,000 vulnerabilities uncovered to date.

HackerOne reports that monthly payouts have grown from US$30,000 (£25,000) in its first month, October 2013, to US$5.9 million (£4.8 million) in April 2020.

“We started out as a couple hackers in the Netherlands with a crazy belief that hackers like us could make organisations safer and do it more efficiently and cost-effectively than traditional approaches,” explained HackerOne co-founders Jobert Abma and Michiel Prins in their blog post about the milestone. “US$100 million (£82 million) in bounties later, maybe this idea isn’t so crazy after all.”

Highlights since launch include:

  • 84: The number of new hackers that sign up to the platform every hour

  • US$6,000 (£4,900): The amount of bounties paid out on the platform every hour

  • 214 percent: Year-over-year hacker-powered security growth in the federal government

  • 85.6 percent: The year-over-year growth in total bounty payments, including a 17.5 percent increase since February, when Covid-19 was declared a pandemic

  • 343 percent: The increase in signups over the past year on Hacker101, HackerOne’s free online classes for aspiring hackers

  • 38 percent: The increase in average weekly new registrants for Hacker101 since February

  • Over 170,000: The number of vulnerabilities hackers have uncovered in nearly 2,000 customer programs

Marten Mickos, CEO of HackerOne, comments: “We have arrived at the point in history where you are ignorant and negligent if you do not have a way to receive useful input from ethical hackers. In this new world of ever-evolving threats, the only way to get ahead is to get transparent. Openness, not secrecy, is the way forward.”

Mickos’ predictions for the future:

  • Within the next 15 years, we expect to have produced over 500 Chief Information Security Officers (CISOs) out of our hacker ranks. These skilled and motivated people will help reduce cyber risk in key commercial enterprises and government agencies.

  • Hackers will earn US$1 billion (£820 million) in bug bounties within five years on HackerOne.

Many of these ethical hackers have day jobs, but a growing number are pursuing bug hunting as a full-time career, and globally they earn up to 36 percent more than they would as a software engineer in their home country.
