Broadly speaking, hackers come in two flavors: those who are out to exploit a computer system and cause havoc for its operator and the people who use it, and those who search for vulnerabilities in a system and then inform the operator in exchange for a cash reward.
The latter can make some serious dough from their work, too, with the top ones able to earn millions of dollars in the space of a single year.
HackerOne is a Silicon Valley-based company that partners with the global hacker community to track down security issues for its clients — via so-called “bug bounty programs” — before the vulnerabilities can be exploited by criminals.
A growing number of companies big and small are working with HackerOne to launch bug bounty programs so that flaws can be identified and fixed, thereby removing them as a potential threat to their business.
In its latest annual Hacker Report, HackerOne reveals just how well some ethical hackers have been doing.
In the last year alone, ethical hackers earned a staggering $40 million through the reporting of vulnerabilities to programs run by HackerOne, a huge increase from the $19 million earned in 2019. Nine hackers have earned over $1 million on the platform since 2019, and one hacker passed the $2 million mark in 2020.
More and more ethical hackers from all over the world are signing up to bug bounty programs, with HackerOne having seen a 63% increase in the number of hackers reporting flaws in the last year alone. The company now has more than a million investigators on its books.
In May 2020, HackerOne reached the milestone of $100 million paid to hackers for vulnerability reports, 50,000 of which were made in the last year. The company forecasts that hackers will earn a total of $1 billion in bug bounties within five years.
Payments for reported vulnerabilities can vary hugely as they depend largely on how dangerous the bug could be to a firm’s computer systems and overall operations if it were to be exploited by hackers with nefarious intentions.
For an example of how payment systems function with bug bounty programs, we can look at one operated by Sony that invites ethical hackers to search for vulnerabilities on its PlayStation platform.
According to data from 2020, payouts start at $100 for a low-rated vulnerability discovered on Sony’s gaming platform, with more valuable tiers offering minimum payments of $400, $1,000, and $3,000.
Discover a low-rated vulnerability on the PlayStation 4, for example, and you should receive a minimum of $500, with higher rewards worth a minimum of $2,500 and $10,000. The most critical vulnerabilities, meanwhile, will result in a payment of at least $50,000.