Who Are The Hackers and Why
Written by Janet Swift   
Wednesday, 04 March 2020

In its 2020 annual report, HackerOne disclosed that it paid out $40 million in bounties in 2019, roughly equal to the total for all previous years combined. It also has information about who the hackers are, what motivates them and how they think other people perceive hackers.

HackerOne is the pre-eminent bug bounty platform with a community of over 600,000 ethical, or white hat, hackers. Since it started in 2012, HackerOne has helped to find over 150,000 vulnerabilities and award more than $82M in bug bounties. Its partner programs include those of Google, Microsoft, GitHub, the US Department of Defense, Goldman Sachs, General Motors and other high-profile ones, with a total of 1,700 customer programs in all. So the $6.5 million we recently reported as being paid out by Google in 2019 was channeled through HackerOne.

The data for its 2020 report comes from a survey, conducted in December 2019 and January 2020, with over 3,150 respondents from over 120 countries and territories.

The report reveals that hacking provides valuable professional experience, with 78% of hackers using it to help them find a better job or compete for a career opportunity. It is increasingly becoming a career choice. Nearly 40% of the respondents devote 20 hours or more per week to their search for vulnerabilities and 18% describe themselves as full-time hackers. In terms of income, most hackers make less than $20,000 per year from bug bounties as a hobby but more than 50 hackers earned over $100,000 in 2019. In terms of lifetime earnings, HackerOne reported that seven hackers had passed the $1 million earnings milestone.


The report reveals that the hacker community is younger than the "general" developer community. Whereas Stack Overflow found around 75% of respondents were aged less than 35 and 27% were less than 25, the corresponding percentages for HackerOne are 87% and 64%. The gender ratio is very similar for both communities - only about 10% are women.

HackerOne also looked into education specifically related to computer science and/or programming, discovering a change from the previous year:


The report notes:

Hackers are becoming more educated via formal channels, from school programs through advanced degrees. Those who studied programming or computer science in high school increased from 23% last year to over 26% this year. Those who’ve gone on to study in undergraduate or advanced degrees also increased from 53% last year to 75% this year. Even those taking continuing education courses increased slightly, leaving “none of the above” as the only shrinking segment.   

When it comes to hacking, the picture is very different, with only 6% having attended classes or gained certification, while 43% were self-taught and a further 22% used online resources, including HackerOne's Hacker101 video lessons (5%).


Asked about motivation, and asked to give three responses, two thirds of respondents said they hack "to be challenged", over half of respondents chose "to make money", with almost as many selecting "to learn tips and techniques". "To have fun" was chosen by just under half of respondents, putting it ahead of "to advance my career".


Hacking used to have a bad press - it was the activity of exploiters rather than those looking for potential exploits with the aim of increasing security. The survey included a question on whether outsiders' perceptions of hackers had improved:


Only 13% of respondents saw no change for the better and only a third perceived a more positive perception from the media - but does this mean the media were already seen as being well-disposed towards them? What is probably important is that over half (55%) saw a more positive perception from those who mattered - family and friends, ahead of almost half (47%) having that impression of the general public.

As far as HackerOne is concerned, the question of whether hacking is good or bad has been decided on the side of good. To quote from the report:

Organizations like the Department of Defense, Goldman Sachs, Facebook, and Google have embraced hacking as part of a mature security infrastructure. But it’s more than that: it’s a lifestyle, a mindset, a philosophy, and a global movement. HackerOne is proud to partner with our global community of hackers to continue to do good.  


More Information

The 2020 Hacker Report

Related Articles

Microsoft Partners With HackerOne On Bug Bounty

Over $21 Million In Google Bug Bounty


Last Updated ( Sunday, 08 March 2020 )