Young Pros Eye Bug Hunting
November 15, 2017
Inside the Mind of a Hacker 2.0 has provided insight into the
demographics and motivations of the bug hunting community. The second
annual report demonstrates that the growing adoption of bug bounty
programs (up 77 percent over 2016) has provided increased opportunities
for global professionals to earn a living through bug hunting.
“What motivates me? Contributing towards a safer cyber-world for
everyone,” said Mongo, top performing security researcher for Bugcrowd.
“The technical challenge aspect attracts me too. Looking for and finding
different ways to ‘break’ things has a strange appeal.”
According to this year’s report, there is a fast-growing community of
hackers helping combat cyberattack. Representing 216 countries (up 93
percent over last year), the Crowd is comprised of a group of young,
educated (82 percent have completed some form of higher education)
professionals. More than half hold full-time jobs, including penetration
tester, security consultant, security engineer, or software engineer;
while 19 percent are full-time bug hunters, up 26 percent over the
“With Bugcrowd, Atlassian’s security team adds more than 65,000 external
cybersecurity researchers,” Matthew Hart, Security Engineer, Atlassian.
“This highly capable community is constantly testing our products, using
well-defined guidelines and a safe testing ground to perform their
The 2017 report identifies data-driven trends among Bugcrowd’s community
of more than 65,000 researchers. It also describes the five distinct
profiles of security researchers: Knowledge Seekers, Hobbyists,
Full-Timers, Virtuosos and Protectors.
Key findings include:
of the Youth: 71 percent of bug hunters are 18-29 years old, up from 60
percent last year, indicating more hackers are getting an earlier start.
Additionally, 82 percent have completed some form of higher education,
with 16 percent holding a master’s degree or higher.
•Leveling-up is a priority: A majority (62 percent) of the Crowd invest
their earnings from bug hunting back into their craft, spending it on
security tools and training, and 36 percent are driven by professional
•Up for a Challenge: 44 percent of bug hunters ranked “the challenge” as
a top motivator. They want to be among the security elite and get ahead
of their peers.
•Opportunity driven: 27 percent of the Crowd hope to become a full-time
bug hunter, giving them more opportunities to learn about different
business models and hack on various technologies.
“The pace of innovation has exponentially grown the attack surfaces
beyond the availability of capable cybersecurity professionals which has
left organizations open to destructive cyberattacks,” said Ashish Gupta,
CEO, Bugcrowd. “The best defense is a good offense. The Crowd fights
fire with fire. Committed to helping global organizations identify
vulnerabilities, this diverse community of talented security researchers
identifies vulnerabilities before adversaries can, expanding security
coverage for organizations and ultimately ensuring the safety of the