By Marten Mickos, CEO at HackerOne
One hundred million is an enormous number. Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
As of May 26, 2020, HackerOne has paid out $100,000,000 in rewards to hackers for their fantastic work in finding security flaws in software. Customers have fixed the holes, preventing cybercriminals from breaking in. Tens of thousands of ethical hackers all over the world have come together to harden our digital connected society. The one hundred million dollars they have earned in recognition of their creative work has paid for food, clothing, homes, vehicles, tuition, travel and pursuit of dreams long held. Software is better for hackers and hackers are better for the bounties.
There is another 100 million number. We estimate that there are around 100 million security vulnerabilities still out there in the wild. These are the holes through which criminals break-in as they look to steal data, install malware, disrupt vital operations, distort facts, or threaten democracies. It will take years to find and fix all those bugs. But it also will happen. Although it is early days, we can already see that hacker-powered security is an order of magnitude or two stronger than all the power of blackhats, criminals, and nefarious nation-states. Time is on the side of good hacking. When we pool our resources and defend ourselves together, there is no adversary that can outpower us.
So far in our history, HackerOne has delivered about 170,000 valid vulnerability reports to its customers. It is impossible to know exactly how many cyber breaches have thereby been averted but we can estimate that it is thousands or perhaps over ten thousand. With the average cost of breach somewhere around $8 million, the savings are in the tens of billions.
Hacker-powered security has already made the world much more secure. And with three-quarters of a million of hackers signed up, we are making sure we have the capacity to keep finding vulns and helping customers even as the volume of software keeps increasing at a tremendous rate. With a community that size, we represent the creative and inquisitive power of around 65 quadrillion neurons. There is no cybersecurity challenge that a large group of human brains acting towards a common goal cannot tackle.
The international community of hackers is creating a movement the world hasn’t seen before. Hacking is a philosophy, a mindset, and a way of life. They are motivated by the challenge, learning, protecting information, helping others, financial benefits and simply doing good in the world. The professional benefits shine through in our 2020 Hacker Report, with 44% saying they hack to help advance their own careers. In fact, I have a few predictions for what this community’s future holds.
- Within the next 15 years, we expect to have produced over 500 Chief Information Security Officers (CISOs) out of our hacker ranks. These skilled and motivated people will help reduce cyber risk in key commercial enterprises and government agencies.
- As a result of their creativity and tenacity, we predict hackers will have earned $1 billion in bug bounties within five years, protecting companies and governments alike from persistent and ephemeral threats.
With the COVID-19 crisis hitting the world, there are suddenly many more digital assets exposed to cyber threats, yet much fewer budgets to spend. How do you manage your security operations in such challenging environments? Defense must grow but costs must shrink. The answer is hacker-powered security. The best hackers in the world stand ready to help you. You get their full brainpower, but you share the cost burden with other customers. What you pay is only the exact fraction that is serving you.
The return on investment (ROI) of this model is out of this world. Hacker-powered security has saved the world billions in cyber breaches that did not get to happen, yet it has cost only $100 million in bounties so far.
Let us today celebrate the bounties paid. The heroes in all of this are the hackers. They have learned their trade on their own. They are voluntarily helping companies, governments, you, and me. Customers have paid $100 million in rewards for their finds. That enormous amount of money has already started to change society. Smart people all over the world are seeing an opportunity that they previously did not have access to. Hacker-powered security is not only making the software applications of companies and governments more secure. It is also democratizing and spreading economic opportunity around the world to everyone with that particular type of curiosity and tenacity.
Hackers win, companies win, governments win – and we all win. With the vital help of hackers, we are on a path to building a digital civilization with privacy, safety, security and trust built-in. When we hack for good, we will have a future we can depend on and thrive in.
About the Author
- Marten Mickos is the CEO of HackerOne. Previously, Marten served as CEO at Eucalyptus, a cloud software company acquired by HP where he then served as the SVP of the cloud division. Before that, he was CEO of MySQL, an open-source database company acquired by Sun Microsystems for $1 billion in 2008. At Sun he served as SVP of the database division.