Ethical hackers will probably live longer, less clandestine lives too.

The concept of hacking as a viable ethical career has become a reality, according to a recent report from bug bounty platform HackerOne.

With 18% of 3,150 respondents from 170 countries describing themselves as full-time hackers, searching for vulnerabilities and making the internet safer for everyone, the rise of ethical hacking is now clear and present.

Not only are more hackers spending a higher percentage of their time hacking, they are also earning a living doing it. The report is a benchmark study of the bug bounty and vulnerability disclosure ecosystem, detailing the efforts and motivations of hackers from the countries that represent the HackerOne hacker community and the 1,700 companies and government agencies on the HackerOne platform.

Key findings include:

Global growth of bug bounty programs is being followed by the globalization of the hacker community. Hackers from Switzerland and Austria earned over 950% more than in the previous year, and hackers from Singapore, China, and other countries in APAC earned over 250% more than in 2018.

The hacker community continues to grow at a robust pace, nearly doubling in the past year to more than 600,000 registered.

Hundreds of hackers are registering to join the ranks every day—nearly 850 on average – working to secure the technologies of more than 1,700 global customer programs.

Hacking also provides valuable professional experience, with 78% of hackers using their hacking experience to help them find or better compete for a career opportunity.

Hacking is becoming a popular income supplement or career choice. Nearly 40% of hackers devote 20 hours or more per week to search for vulnerabilities. And 18% of our survey respondents describe themselves as full-time hackers.

Hackers earned approximately US$40 million in bounties in 2019 alone , which is nearly equal to the bounty totals for all preceding years combined. At the end of 2019, hackers had cumulatively earned more than US$82 million for valid vulnerability reports.



, which is nearly equal to the bounty totals for all preceding years combined. At the end of 2019, hackers had cumulatively earned more than US$82 million for valid vulnerability reports. In addition to the seven hackers who have passed the US$1 million earning milestone—the most recent of which was announced today— thirteen more hit US$500,000 in lifetime earnings.

Hackers in the USA earned 19% of all bounties last year, with India (10%), Russia (8%), China (7%), Germany (5%), and Canada (4%) rounding out the top 6 highest-earning countries.

This notable shift is happening at every corner of the globe. Hackers today are living in countries like Panama, New Zealand, Hungary, Senegal, Cuba, Vietnam, and Venezuela, working to make the internet safer for everyone. As hacker-powered security programs become ubiquitous, it is now easy for ethical hackers to find new and potentially lucrative opportunities from anywhere. This is, in part, due to the global growth of hacker-powered security programs. Federal Governments led the pack across the globe in 2019 with the strongest year-over-year industry growth at 214%, and last year saw the first launch of programs at the municipal level, according to the 2019 Hacker-Powered Security Report.

Said Luke Tucker, Senior Director of the Global Hacker Community: “No industry or profession has experienced an evolution quite like hacking. It started in the darkest underbelly of the Internet, and it has grown into a respectable hobby, something that talented people could do on the side. Now it’s a professional calling: hackers, pen-testers, and security researchers are trusted and respected, and they provide a valuable service for us all.”

Bookmark