Six ethical hackers become millionaires reporting bugs via the HackerOne platform
The platform has awarded $21 million to hackers in the year for finding and reporting security bugs
Six ethical hackers have become millionaires by finding security flaws and reporting them via the bug bounty programmes managed by HackerOne.
In a blog post, HackerOne revealed that almost 5,000 security bugs have been discovered across various companies and organisations, by just these six hackers.
Earlier in March, HackerOne announced that Santiago Lopez, a 19-year-old hacker from Argentina, became the first individual in the world to become a millionaire by reporting security vulnerabilities via its platform.
To date, Lopez has discovered 1,676 bugs in online resources belonging to companies like Verizon, Twitter, Automattic, and even the US government. Lopez has now been joined by five others hackers in this elite club.
"The latest hackers to bank $1 million in bounties are Mark Litchfield (@mlitchfield) from the UK, Frans Rosen (@fransrosen) from Sweden, Nathaniel Wakelam (@nnwakelam) from Australia, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the US," HackerOne said.
It added that ethical hackers report a vulnerability via its platform "every five minutes" and that a hacker partners with an organisation on the platform "every 60 seconds".
An amount of about $21 million has been awarded to hackers via HackerOne in the past one year, up from $10 million a year ago.
Hackers from the US, India and Russia dominate the earnings, accounting for about 36 per cent of the total amount awarded via HackerOne's bug-bounty programme.
The platform is currently the number one, hacker-powered bug-bounty platform in the world, and awards a monetary award to hackers for finding and reporting a security vulnerability to an organisation so that it can be safely resolved before it is exploited by cybercriminals.
HackerOne's 2019 Hacker-Powered Security Report published yesterday also revealed that hackers today are finding more severe security vulnerabilities than ever before.
In the past 12 months, 25 per cent of all resolved vulnerabilities were rated as high to critical severity by experts.
The average bounty paid to hackers for finding critical vulnerabilities across all industries increased to $3,384, up 48 per cent over last year's average of $2,281.
In 2016, the average bounty paid was $1,977.
The bug bounty programmes of leading tech companies like Microsoft, Google, Intel and Apple today are offering individuals bounties as high as $1,500,000 for reporting critical issues.
Earlier this month, Apple announced that it was increasing its maximum bug bounty from $200,000 to $1 million in a bid to ensure security researchers turn-in any security flaws they find to Apple - rather than selling them on the grey market.
Last year, Microsoft also opened up a bug bounty program, offering up to $250,000, for finding major, Meltdown and Spectre-level security bugs.
Also last year, Google updated its highly regarded bug bounty scheme - tweaking the criteria and increasing the financial rewards.