Good guys do not always finish last.
HackerOne reported that six people have each earned more than $1 million through the bug bounty program. The first person, Santiago Lopez, reached this mark in March 2019 and has since been joined by Mark Litchfield, Nathaniel Wakelam, Frans Rosen, Ron Chan and Tommy DeVoss.
The induction of these newcomers to the million-dollar club was made in conjunction with the release of HackerOne’s 2019 Hacker-Powered Security Report. The report is based on 123,000 unique resolved security vulnerabilities associated with 1,400 customer programs stated that more than $62 million in bounties were earned by hackers from over 150 countries.
HackerOne found that the average bounty paid for critical vulnerabilities increased 48 percent over last year’s average across all industries to $3,384; up from $2,281. A 71 percent increase over the 2016 average of $1,977. Hackers earned $21 million in the past year, an increase of $10 million over the year prior.