Bug bounty platform, HackerOne, has announced that five security experts have become self-made millionaires through ethical hacking, also known as a white hat hacking. This announcement follows just months after the site revealed that teenage Santiago Lopez had made history by becoming the world’s first-ever white hat hacker to earn a million dollars from bug bounties.
The white hat hackers include Mark Litchfield from the UK, Nathaniel Wakelam from Australia, Frans Rosen from Sweden, Ron Chan from Hong Kong, and Tommy DeVoss from the US. Litchfield’s achievement makes him the first Brit to hit this milestone.
“Hacking can open doors to anyone with a laptop and curiosity about how to break things,” said Litchfield. “I hope our achievements will encourage other hackers, young and old, to test their skills, become part of our supportive community, rake in some extra money along the way and make the internet a much safer place for people.”
- Teen Becomes First Hacker to Earn $1M Through Bug Bounties
- White-Hat Hackers Earnings Sky-Rocket as Cyber Vulnerabilities on the Rise
- ‘Hacker-for-hire’ Sentenced for Cybercrime Offences
Over the past year on average, bug bounty payments for vulnerabilities have increased 65%, this rise has been driven by the fact that 25% of all resolved security flaws have been classified as high to critical severity. Companies such as Google, Microsoft, Apple and Intel offer some of the most competitive bug bounty programmes in the world, with awards as high as $1.5 million for critical issues.
All of the six millionaires have been reporting their finds through bug bounty programmes run by HackerOne, which is supported by six of the top ten banks in North America, the US Department of Defences, Goldman Sachs, Spotify and Airbnb.
The site’s members have increased 90% over last year, having earned $21 in the past year. According to the platform, a top researcher can earn over 40 times the annual median wage in Argentina and more than six times that of Sweden.
HackerOne’s announcement coincides with the release of its Hacker-Powered Security Report 2019, which asserts the industry is gaining strong momentum. The report states that more than 123,000 unique valid vulnerabilities have been resolved through the platform to date, with 25% of those – 30,541 – resolved in the past year alone, which equates to a hacker reporting a vulnerability every five minutes.
However, research released in January by MIT research suggests that it is much more difficult to make good money as a white hat hacker and asserts that they could earn a better living as pen testers or in-house researchers.
In contrast, MIT’s study found that the top seven participants in the Facebook program made just $34,255 per year from an average of 0.87 bugs per month, while from the entire HackerOne dataset it was estimated that participants made just $16,544 from 1.17 bugs per month.
HackerOne has countered this arguing that the data analyzed in the study was not representative.