
What drives white-hat hackers?

Security researchers who participate in bug bounty programs are highly coveted recruits for both industry and government agencies. To find out more about them, Bugcrowd, a provider of a crowdsourced security platform for bug bounty, vulnerability disclosure and pen testing programs, conducted a survey of nearly 3,500 security researchers worldwide who use its service.

The survey revealed that more than half live in urban environments and three out of four speak multiple languages. Surprisingly, they don’t hunt bugs for the money, which could be good news for agencies on tight budgets looking to hire more cybersecurity staff.

More than 60% reported pulling down a median annual income of just $25,000 or less, though many also said they only chase bug bounties on a part-time basis. Flexible hours and improved skills were also cited as motivations, as was the chance to solve difficult problems.

According to the survey, higher education is an important feature for many security researchers and their families. They're most likely to have obtained a college degree (49%), have parents who have done the same (36%) and are three times less likely to drop out than their parents. The survey data "suggests most security researchers are degree-qualified because they come from educated families that value the acquisition of worldly knowledge, skills, values, beliefs and habits."

The report predicts that over the next six months, cybercriminals will exploit the widespread shift to remote telework in the wake of the COVID-19 pandemic, increasingly targeting vulnerable infrastructure through expanded reconnaissance activities and asset discovery. That in turn will lead to organizations boosting their reliance on artificial intelligence, although 78% of survey respondents said AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyberattacks over the next decade.

"This gap between automation and human adversarial creativity suggests organizations will increasingly seek to augment their human expertise in securing their assets via crowdsourcing, the most efficient and practical approach to finding available talent," the company said.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

