1. Bug Bounty Hackers Make More Money Than Average Salaries, Report Finds
Bug bounty programs exist to reward ethical hackers with a financial award (the “bounty”) for responsibly disclosing security vulnerabilities. What types of people participate in bug bounty programs and why do they do it? Those are just a few of the questions that managed bug bounty platform provider HackerOne answers in its 2018 Hacker Report. The 40-page report, released on Jan. 17, is based on answers from 1,698 respondents around the world. Among the key findings in the report is that individuals who participate in bug bounty programs earn on average 2.7 times more than the median salary of a software engineer in their home country. In this slide show, eWEEK looks at the highlights of the HackerOne 2018 Hacker Report.
2. Where the Bug Bounty Payouts Go
3. Bug Bounties vs. Salaries
Bug bounty program participants overall make an average of 2.7 times more than the median software engineer salary in their home country, HackerOne found. Researchers in India see the largest difference, making an average of 16 times the median salary of a software engineer in that country. U.S. researchers, meanwhile, make an average of 2.4 times more than the median salary.
4. Who Are the Bug Bounty Hunters?
5. Most Have Been Hacking for Less Than Five Years
6. What Tools Do Bug Bounty Hunters Use?
7. Websites Are Top Target
8. Cross-Site Scripting Is a Top Attack Vector
9. Why Do Bug Bounty Hunters Choose the Companies They Hack?
More bug bounty hunters hack a company because they like it (13 percent) than because they dislike it (2.1 percent). However, the single biggest reason (23.7 percent) a hacker chooses a particular company to hack is simply the bounties offered.