HackerOne Announces Five New $1m White Hats
The UK has its first $1 million white hat hacker, after bug bounty platform HackerOne announced five new security researchers had reached the milestone.
The five millionaire hackers are: Mark Litchfield (@mlitchfield) from the UK, Nathaniel Wakelam (@nnwakelam) from Australia, Frans Rosen (@fransrosen) from Sweden, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the US.
They join 19-year-old Argentinian Santiago Lopez, known as @try_to_hack, whose efforts were announced back in March.
“Hacking can open doors to anyone with a laptop and curiosity about how to break things,” said Litchfield. “I hope our achievements will encourage other hackers, young and old, to test their skills, become part of our supportive community, rake in some extra $$$s along the way and make the internet a much safer place for people.”
Some $21m has been paid out via HackerOne to researchers over the past year, an increase of $10m on the previous 12 months.
The platform claimed that Russian, Indian and US researchers account for over a third (36%) of awarded bounties. However, as today’s news illustrates, there are clearly opportunities for white hats from all regions.
HackerOne claimed a top researcher can earn over 40 times the annual median wage in Argentina and more than six times that of Sweden.
However, MIT research released in January painted a different picture, revealing that it’s difficult to make good money as an ethical hacker and that talented white hats could live better as pen testers or in-house researchers.
It studied 61 HackerOne bounty programs over 23 months — including ones run for Twitter, Coinbase, Square and Facebook.
The top seven participants in the Facebook program made just $34,255 per year from an average of 0.87 bugs per month, while from the entire HackerOne dataset it was estimated that participants made just $16,544 from 1.17 bugs per month.
HackerOne argued in response to Infosecurity that the data analyzed in the study was not representative.
Source: Information Security Magazine