Bugbounty platform HackerOne has paid out more than $300 million to ethical hackers since its launch. The highest reward the company paid out to an ethical hacker this year was a ton. There is one ethical hacker who has already pocketed a total of more than four million dollars. So writes HackerOne in its "2023 Hacker-Powered Security Report.
The company says there are thirty ethical hackers who have earned one million dollars or more from HackerOne's bug bounty program. That's an incredibly handsome achievement since reporting a vulnerability earns an average of $500. Critical bugs and exploits, on the other hand, are a lot more lucrative: they usually fetch several thousand dollars each.
The report also discusses trends and expectations in the world of cybersecurity. Six in 10 ethical hackers (61 percent) say they will use hacking tools with generative artificial intelligence-also called GenAI-to find vulnerabilities in the near future. Furthermore, a large group of ethical hackers rely on GenAI to write better reports (62 percent), improve their coding skills (53 percent) and reduce language barriers (33 percent).
Security experts believe that finding technically talented personnel is going to be the biggest challenge for companies and organizations. Ethical hackers who uncover vulnerabilities will play an important role in preventing cyber incidents in the future. 70 percent of HackerOne's customers say ethical hacking has helped them do this in the past year.
More than half of customers (57 percent) think the misuse of zeroday exploits is the biggest threat to the organization. They are not as afraid of a cyberattack or data breach due to phishing (22 percent), threats to their own employees (12 percent), or an attack by foreign powers (10 percent).
Furthermore, researchers note that companies and organizations are increasingly quick to fix vulnerabilities and bugs. On average, it took 10 days last year to fix such security problems. In the public sector, recovery time improved by more than 50 percent this year.
"The report makes clear that hackers are investing in their skills to deal with new threats. The versatility of hackers and the impact of the vulnerabilities they uncover make them critical to how our customers anticipate and address risks," said Chris Evans, Chief Hacking Officer and CISO at HackerOne. He predicts that GenAI will play a prominent role in transforming the threat landscape.
