This post was originally published on this site is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

Like a Boss Meme

A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country.

The reported numbers are different for each country and may depend on a bug bunter’s ability to find bugs, but the survey’s results highlight the rising popularity of bug hunting as a sustainable profession, especially in less developed countries, where it can help talented programmers live a financially care-free life.

India is the best place to be a bug hunter

According to HackerOne’s report, it pays to be a vulnerability researcher in India, where top bug hunters can make 16 times more compared to the average salary of a software engineer.

Other countries where bug hunting can assure someone a comfortable living are Argentina (x15.6), Egypt (x8.1), Hong Kong (x7.6), the Philippines (x5.4), and Latvia (x5.2).

But bug hunting is also a sustainable profession in developed countries as well, though the differences between average yearly bug bounty payouts and a software engineer’s average salary are far smaller.

For example, a top bug bounty hunter makes 2.4 times more than the average software engineer in the US, 2.5 times than one in Canada, 1.8 times more than one in Germany, and 1.6 times than software engineers in Israel.

HackerOne salary comparissons/multipliers

More details about the profession of bug bounty hunting and other vulnerability research statistics are available in HackerOne’s 40-page 2018 Hacker Report.

If you don’t have the time to peruse through the report, below are some of its key findings:

⊛  58% of bug bounty hackers are self-taught.
⊛  37% of white-hat hackers say they hack as a hobby in their spare time (not their primary job).
⊛  About 12% of hackers on HackerOne make $20,000 or more annually from bug bounties.
⊛  Over 3% o bug hunters are making more than $100,000 per year.
⊛  1.1% are making over $350,000 annually.
⊛  13.7% say bounties earned represent 90-100% of their annual income.
⊛  India (23%) and the United States (20%) are the top two countries represented on the HackerOne platform, followed by Russia (6%), Pakistan (4%), and the United Kingdom (4%).
⊛  Nearly 1 in 4 hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.
⊛  US companies have paid over $15 million to bug hunters via HackerOne in 2017.
⊛  US bug hunters racked over $4.1 million in bug rewards, while Indian white-hat hackers earned over $3 million.
⊛  “Websites” was the overwhelming winner to the question of “What is Your Favorite Kind of Platform or Product to Hack?” with a 70.8% score.
⊛  “Money” was not the primary motivation for getting into bug hunting. It ranked only fourth.
⊛  XSS was the favorite vulnerability white-hat hackers liked to search for.
⊛  Almost 30% of respondents said they use Burp Suite for hunting bugs. Other ranked tools include:

Favorite bug hunting tools

At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.

Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group,