HackerOne Expects $100m Paid Out in Bounties by 2020

Popular bug bounty platform HackerOne is aiming to generate $100m in payments to ethical hackers for vulnerabilities they find and disclose through the site by 2020.

CEO Marten Mickos claimed in a blog post that the platform has already helped over 100,000 hackers to find and fix 50,000 vulnerabilities, resulting in pay-outs of more than $20m.

This so-called 'hacker-powered security' can help root out the bugs typically not found by automated tools and can end up saving the organization in question money in the long run, given the expense associated with hiring an outside auditing firm.

That’s part of the reason why even the US Department of Defense last year joined up and has been running various programs including Hack the Pentagon, Hack the Army and Hack the Air Force.

Most recently, Tor announced its own program with HackerOne in recognition of the millions of political dissidents, journalists and others around the world who rely on it to keep their browsing private.

In an example of some of the riches on offer for ethical hackers, Facebook announced in July that it is increasing the size of its Internet Defense Prize to $1m, while Microsoft launched a new Windows Bounty Program with a top pay-out of $250,000.

“Just a few years ago, bug bounty programs were the privilege of few cloud-based companies. The hackers powering them counted in the thousands, and rewards were modest. Today we stand here 100,000 hackers strong, with 50,000 vulnerabilities eradicated and $20 million in rewards distributed to the heroes of hacker-powered security,” explained Mickos.

“Soon we will have 1 million hackers, 200,000 vulnerabilities found and fixed, and $100 million paid out in rewards. The savings thanks to avoidance of data breaches will be on the order of $10 billion. This is huge, and it’s just the beginning.”
