Careers & People

12/5/2017
12:20 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Personality Profiles of White-Hat Hackers

From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking - most just like the challenge.
Previous
1 of 7
Next

Image Source: napocska, via Shutterstock

Image Source: napocska, via Shutterstock

When the general public thinks of "hackers," top-of-mind thoughts include cybercriminals breaking into large retail stores like Target or Home Depot or state-sponsored hackers from adversary nations such as China, Russia, Iran, and North Korea. The bug bounty movement has been working hard over the past several years to raise the profile and improve the perception of white-hat hackers. While white-hat hackers have been around for a couple of decades, new bug bounty companies such as Bugcrowd and HackerOne have legitimized the work of white-hat hackers. The US Department of Defense has even bought in during the past year by starting a bug bounty program of its own.

Already, Bugcrowd customers have paid out more than $10 million in bounties and HackerOne has topped $20 million.

“While someone living in New York or San Francisco would have to earn at least $100,000 to do bug hunting full-time, for people in places like the Philippines, something like $300 a month can be enough to survive on,” said Sam Houston, senior community manager at Bugcrowd. “The vast majority of Bugcrowd users are based in the United States and India, but more and more we are getting people from around the world from places like Egypt, Morocco and Turkey.”

According to a recent Bugcrowd report, Inside the Mind of a Hacker 2.0, the company lays out five profiles of white-hat hackers. The categories range from people who are attracted to hunting bug bounties to make the Internet safe to those who do hacking full-time as a vocation. HackerOne, which added a sixth trait, reports in The Hacker-Powered Security Report 2017 that the average bounty paid to hackers for finding a vulnerability reached $1,923 in 2017, up 15% from $1,631 in 2015.

Based on interviews with Bugcrowd’s Houston and Michiel Prins, co-founder of HackerOne, we developed a list of six traits of hackers that we think our readers will find familiar. 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DarenF98301
100%
0%
DarenF98301,
User Rank: Apprentice
12/15/2017 | 2:19:24 PM
Please stop the clickbait slideshows
Please stop the clickbait slideshows

 

If you have relevent & valuable information to provide, please don't put it in a slide show that requires click thru for each page to reload.

 

You're not selling advertising (not that I see, in any case) and the only reason to format your story this way is to boost page view ranks.

 

Stop it.  Please.

 
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
CVE-2018-11096
PUBLISHED: 2018-05-21
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
CVE-2018-11320
PUBLISHED: 2018-05-21
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.