India is fertile ground for test engineers
HackerOne’s report shows that being a white hat pays very well in India, where top-notch white hats earn up to 16 times more than software engineers.
Apart from India, white hats can also make a comfortable living in other countries. Their average salary is 15.6 times the average salary of software engineers in Argentina, 8.1 times that of software engineers in Egypt, 7.6 times that of software engineers in Hong Kong, 5.4 times the average wage of Philippine software engineers and 5.2 times the average wage of Latvian software engineers.
In developed countries, although there is not much difference between the average salary of white hats and the average salary of software engineers, vulnerability hunting is still a sustainable industry.
For example, the average white hat earns 2.4 times more than American software engineers, 2.5 times more than Canadian software engineers, 1.8 times more than German software engineers and 1.6 times more than Israeli software engineers. See the figure below.
HackerOne released a 40-page 2018 hacker report detailing statistics on white hats and other vulnerability research.
The main findings of the report
If you do not have time to read the report, here are its key findings:
⊛ 58% of bug bounty hackers are self-taught.
⊛ 37% of white-hat hackers say they hack as a hobby in their spare time (not their primary job).
⊛ About 12% of hackers on HackerOne make $20,000 or more annually from bug bounties.
⊛ Over 3% of bug hunters are making more than $100,000 per year.
⊛ 1.1% are making over $350,000 annually.
⊛ 13.7% say bounties earned represent 90-100% of their annual income.
⊛ India (23%) and the United States (20%) are the top two countries represented on the HackerOne platform, followed by Russia (6%), Pakistan (4%), and the United Kingdom (4%).
⊛ Nearly 1 in 4 hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.
⊛ US companies paid over $15 million to bug hunters via HackerOne in 2017.
⊛ US bug hunters racked up over $4.1 million in bug rewards, while Indian white-hat hackers earned over $3 million.
⊛ “Websites” was the overwhelming winner to the question of “What is Your Favorite Kind of Platform or Product to Hack?” with a 70.8% score.
⊛ “Money” was not the primary motivation for getting into bug hunting. It ranked only fourth.
⊛ XSS was the favorite vulnerability white-hat hackers liked to search for.
⊛ Almost 30% of respondents said they use Burp Suite for hunting bugs. Other ranked tools include:
Source: bleepingcomputer