Bug bountyplatform HackerOne announced today that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020.
Since it started delivering vulnerability reports to its customers, HackerOne bug bounty hunters havefound roughly 170,000 security vulnerabilities according to the company's CEOMrten Mickos.
Over 700,000 ethical hackersare no using the bug bounty platform to get paid for security bugs in the productsof more than 1,900 HackerOnecustomers.
"It is impossible to know exactly how many cyber breaches have thereby been averted but we can estimate that it is thousands or perhaps over ten thousand," Mickos said.
"With the average cost of breach somewhere around $8 million, the savings are in the tens of billions."
As seen in the chart below, the total amount of rewards paid to hackers grew from $10 million between 2014 and 2016, to $30 million between 2017 and 2019, and reached $50 million between Q2 2019 and Q2 2020.
12% of hackers using HackerOne to report security vulnerabilitiesmake over $20,000 each year only from bug bounties, while 1,1% will get rewards worth more than$350,000 annually and 3% being paid over $100,000 per year.
"[I]ttook five years to get to $20 Million in bounties paid, a figure we reached in Q3 2017 (see chart)," HackerOne says.
"Since then, things have really taken off, with the next $80 Million taking only three years. We recently had our best week ever $2.4 Million in bounties paid in just six days."
According toa survey of 1,700 bug bounty hunters enrolled on HackerOne's platform from two years ago, tophackers will earn on average 2.7 times more money in rewards than a software engineer's average salary in the same country.
In August 2019 HackerOne also announced that eight of the hackers using its platforms have become millionaires, with19-year-old Santiago Lopez(@try_to_hack) being the first one to go over $1 million in earningsin March 2019.
"Now, Mark Litchfield (@mlitchfield) from the U.K., Nathaniel Wakelam (@nnwakelam) from Australia, FransRosen (@fransrosen) from Sweden, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the U.S. joined the $1M hacker ranks by hacking for improved internet security," HackerOne said at the time.
Cosmin (@inhibitor181) from Germany and Eric (@todayisnew) are the seventh and eight HackerOne millionaires announced earlier this year, on February 24th and February 24th, respectively.
"As a result of their creativity and tenacity, we predict hackers will have earned $1 billion in bug bounties within five years, protecting companies and governments alike from persistent and ephemeral threats," the company's CEO added.
Update: Added info on @inhibitor181 and@todayisnew.Read More..