2018 Predictions: It Takes a Crowd

At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.

The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry vertical. One researcher wrote that 2018 would be “similar to this year (2017), more companies and more enticing rewards.” Another wrote “definitely more companies starting bug bounty programs, higher payouts, more competition, etc.” One researcher went so far as to say that by the end of 2018 “each and every company and agency will launch bug bounty programs.”

But the predictions went deeper than that. As another member of our community put it:

In 2018, we’ll see “companies going further in the way they deliver their programs. Perhaps personal engagements with their best hunters, corporate events. Treating hunters as not just someone-from-the-internet.”

This reflects trends we already began to see in 2017. As the bounty model matures, more organizations are embracing the white-hat hacker community. But this is not just a US trend. This expansion is expected across the globe, with a growing focus on security driving adoption of the bug bounty model.

“Many companies in Europe are about to start taking security more seriously due to GDPR, which will force all organisations handling PII to at least take some care of their IT security. A smooth process helping European companies to open up bounty programs could become a huge deal during 2018.”

Following up on our 2017 Inside the Mind of a Hacker report, we asked our Twitter community how they thought hacker motivations would change in 2018.

@AmitElazari, doctoral candidate at UC Berkeley Law, wrote: “I hope hackers will care about legal risks and safe harbors and vote against companies with bad terms.”

According to @StreamingFeed, “it will be more of the same.” @rjhigham elaborated on their motivations, writing that “motivation will always be notoriety, autonomy, self-respect, power, money… specifically though… breaking bitcoin, automobiles, and oh ya… more phishing”


And while I (maybe unsurprisingly) predicted that “2018 will be a huge year for bounties,” I was not alone in this sentiment. @StegoPax added “Totally agree.”

If you’re a researcher reading this, gear up for a big 2018. We’ll need your skills and your time; we’ve got a ton of challenging and exciting bounties on the horizon for you this year.

For more predictions read below or follow us on Twitter @bugcrowd.

#CyberPredictions Twitter Campaign

Interested in learning more about what our researcher community thinks and what motivates them? Check out our Inside the Mind of a Hacker 2.0 Report.


Senior Community Manager at Bugcrowd. Sam's passionate about working to foster the best researcher community on the web. Prior to joining the security industry Sam worked for Couchsurfing, Electronic Arts, Playfish, and gamerDNA.