Anyone who acts as an ethical hacker and reports discovered security gaps to the bug bounty platform HackerOne can earn a lot of money. The platform has now announced that it has distributed 100 million dollars in awards.
Hackers Have Submitted Almost 200,000 Valid Vulnerability Reports
The annual report shows that half a million security researchers are now registered on the platform. New members are said to join every hour. According to the company's own statements, the amount of payments increases by 80 percent annually.
On the corporate side, HackerOne currently has many important customers that run their own disclosure programs there. These include large companies such as Yahoo and Snapchat. Not all companies commit to paying a bug bounty for reported vulnerabilities. That is not mandatory, however, and it is not decisive for the success of a program on HackerOne.
Companies generally decide for themselves whether to pay bounties and how much. That was different in the initial phase, when a team of HackerOne experts decided how much money a vulnerability should be worth. For customers, HackerOne is simply the next logical step to improve security even further. It also sends that message to the outside world. But for many companies and projects, the mass of incoming security reports is a major challenge. Smaller projects in particular can quickly be overwhelmed. In addition, issues are repeatedly reported that stem from the design of a project or lie outside the scope of the program.
Security researchers can initially act under a pseudonym on HackerOne. They only have to provide personal data such as name and address for billing purposes, when a company actually pays a bug bounty. HackerOne then also takes care of settling the payments and keeps a commission, which is the company's main source of income.
Hackers claim to have acquired their knowledge themselves through online research. Some of them have attended a course on the subject.