Survey of bug bounty hunters shows who pans for pwns

This is not what a hacker looks like. Except on hacker cosplay night. (credit: Getty Images | Bill Hinton)

Asking the crowd for help in fixing security problems is going mainstream. Microsoft, Facebook, and other tech giants have offered “bug bounties”—cash rewards or other prizes and recognition—to individuals discovering vulnerabilities in their products for years. (Ars even made it onto Google’s security wall of fame in 2014 for reporting a Google search bug, though we didn’t get a cash payout.)

But now, with even the government embracing “bug bounty” programs in an attempt to close vulnerabilities in systems before attacks happen, companies that manage “crowdsourced” vulnerability-disclosure programs are starting to move deeper into more conservative corporate territory. And as they do, companies like HackerOne, Synack, and Bugcrowd are placed in the position of having to convince people who view all hackers as security risks that their vulnerability hunters come in peace, just as the ranks of their “crowds” of would-be white hats swell.

To help cast a better light on its ranks, Bugcrowd today released numbers detailing the demographics of its 65,000-strong “crowd.” That release is buttressed by a survey of 500 sample members that offers some insight into who exactly signs up to participate in the public and private bug bounty programs run by the company. And the sketch the “Mind of a Hacker 2.0” report provides of the vulnerability-hunting community is one you might have pieced together on your own if you spent any time at a security conference lately: increasingly experienced and professional, diverse (at least from a national origin standpoint), highly educated, and mostly under 30.


Ars Technica

Post Author: martin

