
HackerOne pays out more than $100m in bug bounties to ethical hackers

The ethical hacking platform HackerOne has now handed out more than $100m in bug bounties since its inception in October 2013.

The platform, which claims to be the world’s largest community of hackers, and pays people to find vulnerabilities in its clients’ systems, has seen rapid growth in the last year, with nearly half of the earnings awarded over the last 12 months and $5.9m paid out in April alone.

Mårten Mickos, who joined the company as chief executive in 2015, said that he was “shocked” that the community had surpassed the nine-figure milestone so soon. “Of course we’ve known all along that there will come a day when we are at the one hundred million mark, but we never really envisaged it,” he told NS Tech. “We’ve averted a lot of breaches through our work and we’ve made thousands of hackers very happy.”

One of those hackers is Santiago Lopez, who last year became, at age 19, the first person to earn $1m through the platform. “I am incredibly proud to see that my work is recognised and valued,” Lopez told NS Tech at the time.

A total of 750,000 people have now signed up to the platform, but only one per cent have earned money through it. Defending the small percentage of money-making hackers, Mickos compares it to football, with only elite players progressing through to the professional ranks. “It’s a model that fosters good behaviour and gives young people a moral compass to know what’s right and wrong and the best of them will advance to a level where they make real money,” said Mickos.

The platform has nearly 2,000 customers in business and government, including Google, Goldman Sachs, Twitter, Microsoft, the US Department of Defense and the UK’s National Cyber Security Centre, which has invited the community to scour its website for weaknesses.

The impact of coronavirus

Mickos said the company doesn’t “fully know yet” what impact the coronavirus crisis will have on its business. The company hit 90 per cent of its “very ambitious” sales target in the last quarter, according to Mickos, who predicts the next quarter “will be worse” but that it “may come back”.

“We have customers who are suffering,” he said. “We have customers that are airlines, hotel chains, that are clearly in deep trouble right now so we are going to lose some revenue… We have other customers that are doing incredibly well: Zoom, Slack, the telcos, the cloud platforms.”

He added: “We cannot fully know [the effects yet] but it will be bifurcated; the negative effect of the crisis is that it exacerbates the difference between the haves and the have-nots. If you have a business that benefits, it will be amazing. If you don’t have such a business, you are laying people off. If you can work from home, it’s great for you. If you work in a physical capacity, you have no choice. The effects on society will be stark because the income disparity will broaden.”

Mickos predicts that within five years, HackerOne, which has 300 staff stationed in the US, UK and the Netherlands, will have paid out a billion dollars’ worth of bounties. “This whole notion of exposing software to public scrutiny is so powerful. Everyone will be doing it.”