Bug Bounty Hackers Make More Money Than Average Salaries, Report Finds

Bug bounty programs exist to reward ethical hackers with a financial award (the "bounty") for responsibly disclosing security vulnerabilities. What types of people participate in bug bounty programs and why do they do it? Those are just a few of the questions that managed bug bounty platform provider HackerOne answers in its 2018 Hacker Report. The 40-page report, released on Jan. 17, is based on answers from 1,698 respondents around the world. Among the key findings in the report is that individuals who participate in bug bounty programs earn on average 2.7 times more than the median salary of a software engineer in their home country. In this slide show, eWEEK looks at the highlights of the HackerOne 2018 Hacker Report.

Where the Bug Bounty Payouts Go

Most bug bounty payouts come from programs in the United States, according to the HackerOne report. Correspondingly, individuals in the U.S. are the top recipients of bug bounty payouts, followed by researchers located in India.

Bug Bounties vs. Salaries

Bug bounty program participants overall make an average of 2.7 times more than the median software engineer salary in their home country, HackerOne found. Researchers in India see the largest difference, making an average of 16 times the median salary of a software engineer in that country. U.S. researchers, meanwhile, make an average of 2.4 times more than the median salary.

Who Are the Bug Bounty Hunters?

More than 90 percent of bug bounty program hackers are under the age of 35, with nearly half (46.7 percent) working in the IT industry, according to HackerOne's research.

Most Have Been Hacking for Less Than Five Years

According to HackerOne, 71.2 percent of respondents to its survey have been hacking for one to five years.

What Tools Do Bug Bounty Hunters Use?

The tool most widely used by bug bounty hunters is Burp Suite, a set of hacking tools from software vendor PortSwigger. Burp Suite is used by 29.3 percent of bug bounty hunters, while 15.3 percent build their own tools and 11.8 percent use network vulnerability scanners.

Websites Are Top Target

The top target identified in the HackerOne survey is websites at 70.8 percent, followed at a distant second by APIs at 7.5 percent.

Cross-Site Scripting Is a Top Attack Vector

Bug bounty hunters use many different attack techniques, with cross-site scripting (XSS), used by 28.8 percent of respondents, as the preferred attack vector.

Why Do Bug Bounty Hunters Choose the Companies They Hack?

More bug bounty hunters hack a company because they like it (13 percent) than because they dislike it (2.1 percent). However, the single biggest reason (23.7 percent) a hacker chooses a particular company to hack is simply the bounties offered.
