Vulnerability Management

Bug bounty hunter numbers rising dramatically: HackerOne


HackerOne reported an explosion in the number of people participating in its program and the amount of money they earned through bug bounties in 2019.

HackerOne’s 2020 Hacker Report stated the number of people participating in its bug bounty programs more than doubled in the last year to 600,000 with the amount of money earned almost hitting the $40 million mark, which equals the total amount earned up to 2018.More than 50 hackers earned at least $100,000 in 2019.

Hackers in the U.S. earned 19 percent of all bounties last year, with India (10 percent), Russia (8 percent), China (7 percent) and Germany (4 percent) comprising the top five highest-earning countries.

For most bug bounty hunting is not a full-time job, although 18 percent of those in the program consider it their primary occupation and another 40 percent work for 20 or more hours per week. Interestingly, the vast majority of these folks are self-taught using online resources and self-directed educational materials. Only 16 percent reported taking and completing any formal instruction.

HackerOne also found its hackers have used or intend to use their bug bounty skills to obtain work in the cybersecurity industry.

Being a bug bounty hunter definitely appeals to younger people with 83 percent being between 18 and 34-years-old, with more than half of those under 24. And even a small number of hackers, 4 percent, are younger being 13 to 17-years-old.

That doesn’t mean the job has no appeal to older folks. In 2019 12 percent were between 35 and 49, up from 9 percent the year before.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.