Hackers scored a record $40M in bug bounties in 2019
Hacking may have a negative connotation in many people’s minds. Still, a growing number of hackers are using their skills to help corporations and governments avoid SNAFUs that end up costing them billions of dollars. HackerOne’s mission is to connect hackers with organizations, which are now pouring $40 million a year into bug bounties.
Hackers who leak industry secrets, like the one who divulged the Switch ahead of launch, put their freedom at great risk, but others can make a small fortune if they focus on using their skills for ethical purposes.
It might seem hard to believe, but according to an annual report from the bug bounty platform HackerOne, the so-called white hat community has been snowballing over the last few years. The organization said its base of registered hackers exceeded 600,000 in 2019, double the number it had in 2018.
To put things in perspective, HackerOne notes that in 2019, companies like Google, Goldman Sachs, IBM, Toyota, Dropbox, and General Motors paid ethical hackers a record $40 million in bounties. That amount is almost equal to the total awarded for all prior years combined.
HackerOne launched in 2012 and has since connected companies and hackers who want to find serious bugs and security flaws in exchange for a financial reward. These efforts have led to more than $82 million being awarded for a total of over 150,000 vulnerabilities. It has also encouraged companies to increase bounty amounts.
In 2018, one hacker received a $1 million bounty for his work, and there are now 146 hackers who earn $100,000 a year, which makes this look increasingly like a lucrative career path. Companies aren’t the only ones interested in their skills. Governments are big customers as well. For example, the US Department of Defense has several partner programs with HackerOne, and the same is true for the European Commission and its Free and Open Source Software Auditing project.
According to a Cybersecurity Ventures analysis, cybercrime is expected to produce around $6 trillion in damages by 2021. HackerOne says many organizations could benefit from opening up to ethical hacking, but 93 percent of Forbes 2000 companies don’t even have a vulnerability disclosure policy in place to facilitate communication with the security community.