Over the past four years that we’ve been helping organizations connect with the world’s top security talent to run crowdsourced security programs, a lot has changed. In our recent State of Bug Bounty Report, we examine that change with proof that more traditional organizations adopting the bug bounty model, more private programs being run, and so on and so forth.

The crux of that change, however, lies in the community. Whether you call them hackers, bug hunters, or security researchers, they make the bug bounty world go ’round. As this niche grows and evolves from the small group it once was, it is becoming more nuanced, and the motivations of bug hunters vary widely.

Although we work closely with this community day in and day out, it’s easy to make a lot of assumptions about researchers, which is why this summer we set out to gain more insight into the bug bounty community.

It is our hope that through this report, bug hunters, prospective hackers, CISOs, mom and dad (we’ve all tried to explain hacking to them..), and everyone in between will have a better understanding of this group. This report aims at providing…

  • a snapshot into the demographics of the Bugcrowd community as a whole
  • an examination of distinct motivators of bug hunters 
  • considerations of how bug bounties can encourage different kinds of bug hunters and the community as a whole

We encourage bug hunters to read the report to learn more about your fellow bug hunters, and bounty program owners and managers can use this as an opportunity to learn how to improve your programs and create engagement with this skilled and vibrant community. While we don’t see this as an all-inclusive report on all aspects of the security researcher community, we do believe this an exciting first look at bug bounty hunters, some of their motivations, and the factors in play when they choose the bug bounty programs they work on.

Along with this report, we’ve gathered interviews with members of the community to provide a more personal glimpse into the mind of a hacker. We hope you enjoy this experience, and we welcome all and any feedback at hello@bugcrowd.com.

Many thanks to the Bugcrowd community and the entire bug bounty community at large for their help in creating this report and for their support of Bugcrowd. It has truly been a pleasure to work with such fun, hardworking, inspiring and creative people. Bugcrowd wouldn’t be here without you.