Bug bounty platform HackerOne said six hackers on its platform each made at least a million dollars from ethical hacking in 2019.
Additionally, the number of hackers who earned at least $100,000 over the course of their ethical hacking careers tripled compared to 2018.
“That puts the potential earnings power of a hacking career well above today’s global average IT salary of $89,732,” said HackerOne.
In total, its community earned $40 million in bounties – almost as much as all previous years (2012-2018) combined.
Hacking is a viable career
HackerOne said hacking is a potentially lucrative career, and is showing immense growth.
“The concept of hacking as a viable career has become a reality,” said HackerOne.
“Not only are more hackers earning most or all of their income from hacking, they’re making a good living doing it.”
HackerOne said it has over 600,000 registered hackers and has had a total of over 150,000 valid vulnerabilities submitted – proof that ethical hacking’s popularity continues to rise.
Companies need to catch up
HackerOne said many organisations aren’t using ethical hacking to its full potential.
According to the platform, nearly two-thirds of hackers said they had found bugs but had chosen not to report them.
This was due to a variety of reasons, including “threatening legal language” posted on the organisation’s website, companies not having a channel through which to report findings, and companies being unresponsive to bug reports.
“Their reasons for hacking may vary, but the results are consistently impressing the growing ranks of organizations embracing hackers through crowdsourced security – leaving us all a lot safer than before,” said HackerOne.
Ethical hacking in South Africa
South Africa isn’t excluded from the benefits of ethical hacking.
In an interview with MyBroadband, security researcher Bright Gameli Mawudor explained how he accidentally uncovered a text file full of MultiChoice credentials on a misconfigured web server in the middle of a live demo.
Mawudor said that what he found was deeply troubling, and if he had been a malicious hacker, he could have done a lot of damage.
“I would have been able to use those credentials to log into the monitoring of live [sports] matches that were going on, [or] into the VPN and into the internal network,” said Mawudor.
From there, Mawudor said he could have shut down systems or manipulated live broadcasts.
Instead, he disclosed the issue to MultiChoice.