SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
HackerOne hits $100M milestone with bug bounties
Thu, 28th May 2020

Hacker-powered security platform HackerOne has announced that users have earned $100 million in ‘bug bounties’.

A bug bounty is a monetary reward received by a hacker who finds and reports a valid security weakness to an organisation so it can be resolved and digital assets secured.

The platform is built on a growing community of ethical hackers to protect against data breaches, cybercrime and privacy breaches.

HackerOne states that nearly half of bounty earnings were awarded in the past year alone. Overall, $100M is a significant milestone that highlights a growing community that is addressing the growing security needs of an increasingly interconnected society, the company states.

Significantly, in October 2013, $30,000 was paid to hackers across the globe, and in April 2020 $5.9 million was paid to hackers worldwide.

The company also noted other wins, such as the fact that 84 new hackers are signing up to the platform every hour, that $6,000 is paid out in bounties every hour, and that 170,000 vulnerabilities have been uncovered in nearly 2,000 customer programs.

The company states this is a prime time for companies to be looking for a holistic and effective approach to security, as they look to expand into new markets, ship new products and services, add customers, release mobile offerings, process new forms of payment, increase web assets and more.

HackerOne CEO Marten Mickos says, “We are building a community able to test and vet every piece of our digital connected civilisation.

“$100 million is a number that attracts the best hackers, providing companies and governments unmatched ROI, significantly reducing the risk of data breach.

“We have arrived at the point in history where you are ignorant and negligent if you do not have a way to receive useful input from ethical hackers. In this new world of ever-evolving threats, the only way to get ahead is to get transparent. Openness, not secrecy, is the way forward.”

By partnering with willing organisations, trusted hackers are an extension of any security team and earn up to 36% more than they would as a software engineer in their home country.

For companies, working with the largest, most active community of hackers allows them to be proactive about their security strategy in an efficient and cost-effective way.

Elite hacker Frans Rosen says, “Some of my favorite highlights are absolutely the interactions with the people on the other side, and reactions to some of the bugs I've found.

“When the CISO of a company calls me up in the middle of the night to understand the severity and panics when he realises the impact. When I build a little game to show the impact of a bug and the company responds with "this is the best game ever, we've played it all day in the office."

“On live hacking events, when you submit a really critical bug and the team of the company fills the room afterwards to understand exactly what happened. I live for the reactions since I understand myself how I would feel to get the same kind of report myself.”

HackerOne co-founders Jobert Abma and Michiel Prins say, “We started out as a couple of hackers in the Netherlands with a crazy belief that hackers like us could make organisations safer and do it more efficiently and cost-effectively than traditional approaches.

“$100 million in bounties later, maybe this idea isn't so crazy after all. Thank you to all the hackers who have made the internet safer one vulnerability at a time. Hacking is here for good, for the good of all of us.”