HackerOne, which focuses on bug bounty solutions, released the 2020 Hacker Report earlier this week, and this year's installment highlights the increasing viability of hacking as a career (or at least as a decent source of supplemental income).
Let's begin with a caveat. Of course HackerOne would promote hacking as a viable way of making some money. It operates a platform through which other companies are able to run bug bounty programs that pay researchers for new vulnerabilities. We doubt it would actively discourage people from pursuing that line of work.
That being said, HackerOne did at least explain why it believes hacking is becoming more lucrative in its 2020 Hacker Report. It said people earned nearly $40 million via its platform in 2019, which is the most it's seen to date, and that seven hackers each brought in $1 million for the vulnerabilities they found. According to the report, the "potential earnings power" of a hacker is "well above today's global average IT salary of $89,732."
HackerOne also said that 78% of its platform's members are "using their hacking experience to help them find or better compete for a career opportunity" (which, honestly, sounds a bit ominous). It added that "nearly 40% of hackers devote 20 hours or more per week to their search for vulnerabilities" and that 18% do so full-time.
This growth makes sense. In recent years, companies have become increasingly willing to run public bug bounty programs so they can better secure their products. See: Apple starting a public bug bounty program, Google paying out more via its programs each year and Microsoft introducing more programs, among other things.