As the idea of ethical hacking begins to resonate more with the general public, it has inspired more people ranging from aspiring hackers to seasoned security professionals to join the hacking community and seek out crowdsourced security testing programs to hunt bug bounties.
And judging by how 71 percent of cybercriminals can breach a perimeter within 10 hours, the need for people who can spot these flaws that allow access before the bad guys will only increase.
“It’s not just a single problem,” researcher Mehidia Afrin Tania said in the Bugcrowd: Inside The Mind of a Hacker report. “But when it comes to the most prevalent causes of breaches it could be users, devices, or access to applications. It could be Crime-as-a-service (CaaS) which will expand available tools and services.”
The year-end report from Bugcrowd found the top three reasons for bug hunting were for the challenge, professional development, and education.
The bug bounty company conducted a study surveying more than 750 of its global community of whitehat hackers and pentesters, segmenting for statistics around demographics, motivations, and economics.
The study found that 22 percent of hackers consider bug hunting their full-time profession, 77 percent have a full time profession outside of bug hunting, 81 percent said their experience bug hunting has helped them get a job, and 72 percent said bug hunting helped land them a job in cybersecurity.
Bug Bounty hunters have high aspirations as well, 31.56 percent of bug bounty hunters aspire to be a full time bug hunter, 24.96 percent aspire to be a penetration tester, 15.06 percent aspire to be a top security engineer at a highly esteemed company, 9.47 percent want to be a security consultant and 6.03 percent would like to be a CISO.
The study also found bug hunters are often learn their skills from a variety of sources as 43 percent of hackers learned how to hack via online resources and blogs and 41 percent are self-taught. Bug hunters are also team players who learn from each other as 35 percent of the community say they currently collaborate with other hackers, and 50 percent expect to collaborate more in the next 12 months.
Bug hunters are also young, ambitious and eager to develop their skills as 72 percent of the hacker community are ages 18-29 and of all the respondents, 43 percent learned how to hack via online resources and blogs and 41 percent are self-taught.
As bug bounties increase in popularity, researchers are also seeing increased traction in vulnerabilities submitted in web applications, network pen testing, api assessments, social engineering, vehicle testing, mobile: bbry/winmo and IoT/ embedded devices.