hack'er /'ha–ker/ noun
one who enjoys the intellectual challenge of creatively overcoming limitations

At HackerOne, we agree with Keren Elazari: hackers are the immune system of the internet. Just like we need the Elon Musks to create technology, we need the Kerens and the Mudges to research and report where these technological innovations are flawed.

The internet gets safer every time a vulnerability is found and fixed. The HackerOne community of security researchers are doing their part day in and day out to do just that: hunt the issues and responsibly report the risks to organizations so they can be remediated safely before being exploited by criminals. The community is strong and it is growing: we’ve seen a 10-fold increase in registered users in just 2 years.

With 1,698 respondents, The 2018 Hacker Report is the largest documented survey ever conducted of the ethical hacking community.

As you read through the report, you will see the curious, tenacious, communal and charitable nature of the hacker community. One in four hackers have donated bounty money to charity, many hackers share knowledge freely with other hackers and security researchers, and they have helped the U.S. Department of Defense resolve almost 3,000 vulnerabilities - without receiving a cash bounty.

Executive Summary

They report security vulnerabilities because it’s the right thing to do.

Hacking is being taught for college credit in top tier universities like UC Berkeley, Tufts, and Carnegie Mellon.

Hackers around the world are earning more money through bug hunting than ever before. Bounties are a great equalizer with opportunity for all. Some hackers are earning over 16x what they would make as a full time software engineer in their home country.

While we have achieved much, there is much work to still be done. Most companies (94% of the Forbes Global 2000 to be exact) do not have a published vulnerability disclosure policy.
As a result, nearly 1 in 4 hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it. Read the “Companies are Becoming More Open to Receiving Vulnerabilities” section for more on this challenge and the progress that’s been made to date.

Consider this report a dossier on the vital members of our modern digital society, hackers. Gain insights on the hacker mindset, see statistics and growth metrics of where they are from, what vulnerabilities they find and even get to know some of the individuals involved in the incredible bug bounty community.

We are in the age of the hacker. Hackers are lauded as heroes, discussed daily in the media, villainized at times, and portrayed by Hollywood - anything but ignored.

166K+ TOTAL REGISTERED HACKERS
*As of December 2017
72K+ TOTAL VALID VULNERABILITIES SUBMITTED
$23.5M+ TOTAL BOUNTIES PAID

Key Findings

Bug bounties can be life changing for some hackers. The top hackers based in India earn 16x the median salary of a software engineer. And on average, top earning researchers make 2.7 times the median salary of a software engineer in their home country.

Nearly 1 in 4 hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.

Money remains a top reason for why bug bounty hackers hack, but it’s fallen from first to fourth place compared to 2016. Above all, hackers are motivated by the opportunity to learn tips and techniques, with “to be challenged” and “to have fun” tied for second.

India (23%) and the United States (20%) are the top two countries represented by the HackerOne hacker community, followed by Russia (6%), Pakistan (4%) and United Kingdom (4%).

Nearly 58% of them are self-taught hackers.
Despite 50% of hackers having studied computer science at an undergraduate or graduate level, and 26.4% studied computer science in high school or before, less than 5% have learned hacking skills in a classroom.

While 37% of hackers say they hack as a hobby in their spare time, about 12% of hackers on HackerOne make $20,000 or more annually from bug bounties, over 3% of which are making more than $100,000 per year, 1.1% are making over $350,000 annually. A quarter of hackers rely on bounties for at least 50% of their annual income, and 13.7% say their bounties earned represents 90-100% of their annual income.