Top Bug Hunters Make 2.7 Times More Money Than an Average Software Engineer

An anonymous reader shares a report: A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country. The reported numbers are different for each country and may depend on a bug bunter's ability to find bugs, but the survey's results highlight the rising popularity of bug hunting as a sustainable profession, especially in less developed countries, where it can help talented programmers live a financially care-free life. According to HackerOne's report, it pays to be a vulnerability researcher in India, where top bug hunters can make 16 times more compared to the average salary of a software engineer. Other countries where bug hunting can assure someone a comfortable living are Argentina (x15.6), Egypt (x8.1), Hong Kong (x7.6), the Philippines (x5.4), and Latvia (x5.2).

Some stats.

[140Mandak262Jamuna]

58% of bug bounty hackers are self-taught.

37% of white-hat hackers say they hack as a hobby in their spare time (not their primary job).

About 12% of hackers on HackerOne make $20,000 or more annually from bug bounties.

Over 3% o bug hunters are making more than $100,000 per year.

1.1% are making over $350,000 annually.

13.7% say bounties earned represent 90-100% of their annual income.

India (23%) and the United States (20%) are the top two countries represented on the HackerOne platform, followed by Russia (6%), Pakistan (4%), and the United Kingdom (4%).

Nearly 1 in 4 hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.

US companies have paid over $15 million to bug hunters via HackerOne in 2017.

US bug hunters racked over $4.1 million in bug rewards, while Indian white-hat hackers earned over $3 million.

"Websites" was the overwhelming winner to the question of "What is Your Favorite Kind of Platform or Product to Hack?" with a 70.8% score.

"Money" was not the primary motivation for getting into bug hunting. It ranked only fourth.

XSS was the favorite vulnerability white-hat hackers liked to search for.

(Clipped out some slashvertisement pitching something called burp suite. )