The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of $100 million in bounties over the past 8 years, with nearly half in the past year alone!
The road to $100 million has been exciting, surprising and, most of all, rewarding. Powering this number is an incredible community of more than three quarters of a million contributors who work relentlessly to defend the critical infrastructure of thousands of customer programs.
Let’s take a look at some of the numbers that have taken us to the $100 million milestone:
$475
The amount of the first bounty earned from a report submitted by deepak194 to Verizon Media on Halloween 2013. Total pay-outs in October, 2013 totalled $30K. In April, 2020, it was a whopping $5.9 million!
140
The number of new hackers that sign up to the platform every 100 minutes. 43% of hackers are self taught, underscoring the importance of having a community and online resources.
$10K
The amount of bounties paid out on the platform every 100 minutes. In 2019 alone, hackers earned nearly $40 million in bounties, almost equal to the entire amount awarded in all prior years combined.
40
The number of reports submitted every 100 minutes. Over 170,000 vulnerabilities have been reported and fixed by hackers over the past seven years.
200
The number of hacker interactions every 100 minutes. Nearly 40% of hackers devote 20 hours or more per week to their search for vulnerabilities and 18% describe themselves as full-time hackers.
18,871
The number of bounties that were exactly $100. The average bounty on the HackerOne platform is $771.
3,673
The number of reports submitted by @todayisnew, the most reports submitted by a single hacker on the platform
$1,450
The first bounty that was split by @fransrosen. Since then, many community contributors have worked together to overcome challenges creatively. Frans says about bug hunting “a bug bounty program becomes great when the reporter and the company interact with each other, treat each other as peers, communicate and collaborate to solve and come up with solutions together on how to mitigate the issues found completely. When companies treat the hackers as an extension to their own team, that's when you really get the benefit for both parties.”
$90K
The global average IT salary. 8 hackers have passed the $1 million earnings milestone with 13 more hitting $500,000 in lifetime earnings. 146 hackers have earned $100,000, up from 50 last year.&
6.5
Number of years @stefanofinding has been hacking. Stefano was the hacker who earned the final bounty to take the community over $100M in bounties earned.
“I started participating in bug bounty programs in December 2013 and it has been my main income since January 2014,” said Stefano. “HackerOne has played an important role in me being able to make a living out of it because most of the bounties I have received were through HackerOne. Reaching 100 million in bounties paid means that you are part of the stories and lives of people around the world, like mine. It makes me hopeful to think that there is a guy/gal in some remote country that finds HackerOne as a way to achieve his/her dreams, or as an escape from his/her reality, or at least as a way to make some extra money. This is good news for the ones starting out now and for the ones that have been participating since day one. Looking forward to the first billion!”
Over the past few years, the hacker community has represented a global force for good that has benefited thousands of companies. Hackers are here for good. Their reasons for hacking may vary, but the results are consistently impressing the growing ranks of organizations embracing hackers through crowdsourced security. So a BIG thank you to our hackers for continuing to work with us to secure the internet. We can’t wait to see how fast we’ll reach the next $100 million!
The 7th Annual Hacker-Powered Security Report