Careers & People

12/5/2017
12:20 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Personality Profiles of White-Hat Hackers

From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking - most just like the challenge.
Previous
1 of 7
Next

Image Source: napocska, via Shutterstock

Image Source: napocska, via Shutterstock

When the general public thinks of "hackers," top-of-mind thoughts include cybercriminals breaking into large retail stores like Target or Home Depot or state-sponsored hackers from adversary nations such as China, Russia, Iran, and North Korea. The bug bounty movement has been working hard over the past several years to raise the profile and improve the perception of white-hat hackers. While white-hat hackers have been around for a couple of decades, new bug bounty companies such as Bugcrowd and HackerOne have legitimized the work of white-hat hackers. The US Department of Defense has even bought in during the past year by starting a bug bounty program of its own.

Already, Bugcrowd customers have paid out more than $10 million in bounties and HackerOne has topped $20 million.

“While someone living in New York or San Francisco would have to earn at least $100,000 to do bug hunting full-time, for people in places like the Philippines, something like $300 a month can be enough to survive on,” said Sam Houston, senior community manager at Bugcrowd. “The vast majority of Bugcrowd users are based in the United States and India, but more and more we are getting people from around the world from places like Egypt, Morocco and Turkey.”

According to a recent Bugcrowd report, Inside the Mind of a Hacker 2.0, the company lays out five profiles of white-hat hackers. The categories range from people who are attracted to hunting bug bounties to make the Internet safe to those who do hacking full-time as a vocation. HackerOne, which added a sixth trait, reports in The Hacker-Powered Security Report 2017 that the average bounty paid to hackers for finding a vulnerability reached $1,923 in 2017, up 15% from $1,631 in 2015.

Based on interviews with Bugcrowd’s Houston and Michiel Prins, co-founder of HackerOne, we developed a list of six traits of hackers that we think our readers will find familiar. 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DarenF98301
100%
0%
DarenF98301,
User Rank: Apprentice
12/15/2017 | 2:19:24 PM
Please stop the clickbait slideshows
Please stop the clickbait slideshows

 

If you have relevent & valuable information to provide, please don't put it in a slide show that requires click thru for each page to reload.

 

You're not selling advertising (not that I see, in any case) and the only reason to format your story this way is to boost page view ranks.

 

Stop it.  Please.

 
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.