Hackers earned $21mn in last 12 months via bug bounty
Singapore: Hackers earned $21 million in the last 12 months reporting vulnerabilities via various bug bounty opportunities as governments’ efforts to fix malware increased a whopping 214 per cent globally, a new report said on Friday.
Six hackers surpassed $1 million in lifetime earnings, seven more hit $500,000 in lifetime earnings and more than 50 earned $100,000 or more in the past year alone, revealed HackerOne, a hacker-powered bug bounty platform.
The “2019 Hacker-Powered Security Report” examines trends from over 120,000 security vulnerabilities resolved for more than 1,400 customers, earning hackers over $62 million in bounties.
“Hacking is here for good, for the good of all of us. Half a million hackers have willingly signed up with HackerOne to help solve one of the greatest challenges our society faces today,” said HackerOne CEO Marten Mickos.
“We cannot prevent data breaches, reduce cybercrime, protect privacy or restore trust in society without pooling our defences and asking for external help,” he added.
The average bounty paid for critical vulnerabilities increased to $3,384 in the past year — a 48 per cent increase over last year’s average of $2,281 and a 71 per cent increase over the 2016 average of $1,977.
Bounty values for less severe vulnerabilities are also rising, with the average platform-wide bounty increasing 65 per cent.
Strong bug bounty programme adoption took place in automotive (113 per cent), telecommunications (91 per cent), consumer goods (64 per cent), and cryptocurrency and Blockchain (64 per cent) industries.
“Globalisation of hacker-powered security continues to increase. Several new countries entered the top 10 highest paying, hackers living in 19 countries earned more than $100,000 in total last year, and more organisations in more countries are hosting live hacking events,” the report mentioned.
“Hackers are no longer anonymous guns-for-hire. They are being embraced by everyone from the insurance industry to government agencies,” it added.
When a new bug bounty programme is launched, hackers report the first valid vulnerability within 24 hours in 77 per cent of cases.
Nearly 25 per cent of valid vulnerabilities found are classified as being of “high or critical” severity.
“Every five minutes, a hacker reports a vulnerability through a bug bounty or vulnerability disclosure programme. Every 60 seconds, a hacker partners with an organisation on HackerOne,” the report added.