HackerOne, the #1 hacker-powered pentest & bug bounty platform, today announced findings from the 2020 Hacker Report, which reveals that the concept of hacking as a viable career has become a reality, with 18% describing themselves as full-time hackers, searching for vulnerabilities and making the internet safer for everyone. Not only are more hackers spending a higher percentage of their time hacking, they’re also earning a living doing it. The annual report is a benchmark study of the bug bounty and vulnerability disclosure ecosystem, detailing the efforts and motivations of hackers from the 170 countries who represent the HackerOne hacker community and are working every day to protect the 1,700 companies and government agencies on the HackerOne platform.
“Hackers are a global force for good, working together to secure our interconnected society,” said Luke Tucker, Senior Director of the Global Hacker Community. “The community welcomes all who enjoy the intellectual challenge to creatively overcome limitations. Their reasons for hacking may vary, but the results are consistently impressing the growing ranks of organizations embracing hackers through crowdsourced security — leaving us all a lot safer than before.”
Key findings include:
- Global growth of bug bounty programs is being followed by the globalization of the hacker community. Hackers from Switzerland and Austria earned over 950% more than in the previous year, and hackers from Singapore, China, and other countries in APAC earned over 250% more than in 2018.
- The hacker community continues to grow at a robust pace, nearly doubling in the past year to more than 600,000 registered.
- Hundreds of hackers are registering to join the ranks every day — nearly 850 on average — working to secure the technologies of more than 1,700 global customer programs.
- Hacking also provides valuable professional experience, with 78% of hackers using their hacking experience to help them find or better compete for a career opportunity.
- Hacking is becoming a popular income supplement or career choice. Nearly 40% of hackers devote 20 hours or more per week to their search for vulnerabilities. And 18% of our survey respondents describe themselves as full-time hackers.
- Hackers earned approximately $40 million in bounties in 2019 alone, which is nearly equal to the bounty totals for all preceding years combined. At the end of this past year, hackers had cumulatively earned more than $82 million for valid vulnerability reports.
- In addition to the seven hackers who have passed the $1 million earnings milestone — the most recent of which was announced today — thirteen more hit $500,000 in lifetime earnings.
- Hackers in the U.S. earned 19% of all bounties last year, with India (10%), Russia (8%), China (7%), Germany (5%), and Canada (4%) rounding out the top 6 highest-earning countries.
“No industry or profession has experienced an evolution quite like hacking,” explained Tucker. “It started in the darkest underbelly of the internet, where hackers roamed the online world in search of vulnerabilities. It later grew into a respectable hobby, something that talented people could do on the side. Now it’s a professional calling: hackers, pentesters, and security researchers are trusted and respected, and they provide a valuable service for us all.”
This tectonic shift is happening at every corner of the globe. Hackers today are living in countries like Panama, New Zealand, Hungary, Senegal, Cuba, Vietnam, and Venezuela, working to make the internet safer for everyone. As hacker-powered security programs become ubiquitous, it’s easy for hackers to find new and potentially lucrative opportunities from anywhere — all they need is an internet connection. This is, in part, due to the global growth of hacker-powered security programs. Federal Governments led the pack across the globe in 2019 with the strongest year-over-year industry growth at 214%, and last year saw the first launch of programs at the municipal level, according to the 2019 Hacker-Powered Security Report. In 2019 alone, HackerOne launched 22 programs and 36 altogether since 2016 with governments in North America, Asia and Europe. Every minute of every day, hackers and companies across the globe come together to make the internet safer for everyone.
To learn more about who hackers are, what inspires them, and what’s next in their journey, check out The 2020 Hacker Report: https://www.hackerone.com/resources/reporting/the-2020-hacker-report
Data was collected from a proprietary HackerOne survey in December 2019 and January 2020, totalling over 3,150 respondents from over 120 countries and territories. The surveyed individuals have all successfully reported one or more valid security vulnerabilities on HackerOne, as indicated by the organization that received the vulnerability report. Additional findings were collected from the HackerOne platform using HackerOne’s proprietary data based on over 1,700 collective bug bounty and vulnerability disclosure programs.
HackerOne is the #1 hacker-powered pentest & bug bounty platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. With more than 1,700 customer programs, including The U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, and Intel, HackerOne has helped to find over 150,000 vulnerabilities and award more than $82M in bug bounties to a growing community of over 600,000 hackers. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.