Today we released the 2019 edition of the Inside the Mind of a Hacker Report, highlighting the makeup of the bug hunting community to provide insight and understanding into who they are, what they like to do, their experiences, skillsets, as well as what motivates them. In the 2019 edition, we look at gender imbalance, hacking education and deep dives into the Bugcrowd Elite, MVP and Top 50 – all time Crowds.
- 81% of hackers say their experience bug hunting has helped them get a job in cybersecurity.
- 43% of hackers learned how to hack via online resources and blogs and 41% are self-taught.
- A mere 4% of the global hacking community are female; more than 91% are male.
- More than 20% of hackers aspire to be top security engineers or CISOs at large tech companies.
- 35% of the community say they currently collaborate with other hackers, and 50% expect to collaborate more in the next 12 months.
- 66% spend up to 10 hours per week bug hunting. That is significant given more than 50% of the hacker community bug hunts on top of a regular 9-5 job.
- The average yearly payout of the top 50 hackers is $145,000 USD with over 600 valid submissions. The average submission payout per vulnerability across the platform is $783 USD.
A lot has changed over the past year, from increased payouts to different bug hunting motivations. We believe in the value of a vast, diverse hacker community that is made up of professionals who have their own skills and techniques. Bugcrowd welcomes both beginners and experienced hackers, and everyone in between.
We launched Bugcrowd University this year, with a set of content focusing on high impact bugs and a methodology that will lead hackers to success in their particular style of bug hunting, whatever that might be. Hackers will continue to take advantage of more resources available to better their skills. Encouraging more diversity is a necessity for the evolution of the hacker community. Whether it’s building the global community through educational tools like Bugcrowd University or infiltrating infosec meetups, it needs to be deliberate. Employing a diverse range of information security pros can help companies to more effectively relate to the enemies trying to attack them.
Next year will be the year that larger groups of whitehat hackers around the world use crowdsourced security as their full-time or primary source of income. In 2018 we saw this number increase slightly, but 2019 will be when bounties will grow across industries and create new opportunities for more hackers.
We’ll continue to see additional growth and diversification into sectors that haven’t seen wide adoption yet. This will necessitate continued growth in areas of specific skills (like IoT and embedded devices, etc.) to satisfy the increasing demand.
Programs will continue to compete for talent by increasing rewards and through special events like Bug Bashes. Combining the two will increase the earning potential for hackers and will drive interest from new potential bug bounty hunters. Increased government adoption will drive growth as well. With the Hack the Pentagon program phase 2 launch, combined with the wind up for the 2020 Presidential Election in the US, we should see a lot of interest in bug bounties in particular.
As platform support for teaming and reporting is more widely adopted, look for teams of hackers to grow their skills through mentorship and collaboration. Organizations continue to add complex targets to their scope, at the same time adding more value to securing their assets via their bounty offering. The more complex a target and the more critical a vulnerability, the higher the price tag. Whitehat hackers are recognizing this and responding by teaming up to get more eyes and creativity on difficult targets.
To find out more information about the whitehat hacker community, download our 2019 Inside the Mind of a Hacker Report.