Inside A Bug-Hunter's Head: 6 Motivators
Who are bug bounty hunters, and why do they hack? We dig inside the motivators driving today's hackers to seek vulnerabilities.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt9753e40783ccc11c/64f0d919a720e86d0bbc36bf/Motivators_Slide1.jpg?width=700&auto=webp&quality=80&disable=upscale)
Who are bug bounty hunters? Why do they seek vulnerabilities? What motivates their work and how do these motivators change over time as they spend more time in the field?
The answers to these questions can be found in a recent Bugcrowd report titled "Inside the Mind of a Hacker." Researchers polled bug hunters to learn more about where they come from, their professional and educational background, their hacking experience, and what motivates them.
Results revealed today's bug hunters represent a broad range of skill sets and expertise. Nearly all (95%) of survey respondents felt they had intermediate or advanced knowledge of web app testing, 48% of Android, 28% in iOS, and 15% in IoT.
As a whole, the hacker community is relatively young. Nearly 60% of respondents were between 18 and 29 years old, and 34% were between 30 and 44.
Most respondents either identified as students or are employed outside of bug hunting, but 15% identified themselves as full-time bug hunters, and many respondents reported they aspire to become full-time bug hunters in the future. Bugcrowd anticipated the number of full-timers is poised to grow.
Similar findings were discovered in the 2016 Bug Bounty Hacker Report from HackerOne. In this survey, 90% of respondents were under 34 years old and 43.5% were between 18 and 24 years old. They also reported a preference for web apps, with 77% stating these were their favorite hacking target.
So what motivates hackers to hunt for bugs?
The Bugcrowd report discovered there are several motivators driving bug bounty hunters. However, key motivators vary depending on the hacker's profession, experience level, and career aspirations.
For example, bug hunters new to the field are primarily motivated by intellectual challenge and fun. Some of them entered the field because their friends were doing it; others tried hacking to test themselves and soon realized they had a talent for it.
In contrast, hackers who have spent more time in the industry are experienced enough to rely on bug bounty hunting for most of their income. They are primarily motivated by financial reward.
Here, we dive into some of the most common motivators among bug bounty hunters. What drives hackers to hack? Read on to learn more.
Money
"The [motivator] they'll mention most of the time is making money," says Marten Mickos, CEO of HackerOne, who notes hacking provides a fairly immediate financial reward.
Some hackers rely on this income more than others. The Bugcrowd report discovered Hobbyists, who hack for money and the "fun of the hunt," consider the money they earn from bug-hunting to be expendable income. These individuals are mostly employed outside of hacking. Twenty-two percent are software engineers or developers, 19% are penetration testers, 18% are security engineers, and 16% are students.
Bug hunting is a primary source of income for full-time hackers, Bugcrowd reported. More than half of these professionals consider bug bounties their main profession and use the funds they earn for bills and living expenses. The Virtuosos, who have the most security experience, also consider money a primary motivator but mostly have full-time jobs outside hacking. Hackers with more experience and greater proficiency earn the most, says Mickos.
Not all hackers are motivated by cash. Mathias Karlsson, Bugcrowd hacker researcher, says he doesn't view financial reward as a key motivator for bug hunters. Many people outside the field believe hackers are in it for the money, he explains, but he doesn't know any who are. Many are simply drive by the intellectual stimulation of seeking vulnerabilities.
The 2016 Bug Bounty Hacker Report by HackerOne discovered financial reward is the primary motivator for hackers, with 71.5% of surveyed bug hunters reporting they hack to make money.
Challenge
Karlsson, who is primarily focused on web hacking, says intellectual challenge is the primary reason he hacks. The competition within the hacker community is another key motivator.
"Not only was I competing against myself and whoever built the system, but against other skilled hackers," he says of getting into the field. The problem-solving aspect of his job is an important reason he hacks and is greater than the financial reward.
Mickos agrees one of the primary motivators for hackers is the intellectual stimulation. Most people in business are worried when they discover vulnerabilities, but hackers love them. They view them as "treasure," he says.
"Finding a vulnerability in a system is a puzzle; it's an enigma; it's a lock to open," he explains. "Even if bounties were not paid for vulnerabilities, there would still be a ton of hackers."
Challenge is a primary motivator among the knowledge-seeker community of bug hunters, Bugcrowd discovered. These hackers are fairly new to the bug bounty scene and have been doing it for less than a year. Most don't bug hunt full-time, but most are young (55% are 18-29 years old) and plan to hunt full-time in the future.
Education, Resume Building
Education and career development are among the many motivators for younger hackers, says Mickos. Those starting out in the field are focused on building their resumes, and they can list their biggest bug-hunting accomplishments among their credentials to prove their expertise.
"If you're an aspiring hacker and find a vulnerability in Adobe, or GM, or another company with a strong brand, it will be a badge of honor for you," Mickos explains. Resume building was a motivator among 64.3% of survey respondents in the HackerOne Bug Bounty report.
Education is a also a motivator among some older hackers, says Mickos, but mostly so they can instruct others. While they make money from bug hunting, these disciplined professionals also want to share their skills with new entrants to the field.
While bug hunting is a valuable form of education, many hackers are also motivated by skill retention. Bug bounties help them stay relevant and up-to-date on the latest trends and techniques, which they can use in their part-time or full-time roles.
To Do Good
Mickos notes how many hackers are driven by the opportunity to be useful through their work. It's a natural human trait, he says, to want to help and many hackers have good intentions.
"They always mention 'doing good' as a reason [for hacking]," he explains. "It may not be the first one, but it always comes up at some point."
Karlsson also acknowledges many security hackers are motivated by the opportunity to contribute to the greater good. Bugcrowd notes altruism is a primary driver among the hackers it classifies as Protectors, who are primarily motivated to strengthen the safety of the Internet and the products they use. Many of them have a few years of experience in the field. Nearly one-third (32%) have more than five years in the security industry, and half have more than three years of security experience.
Patriotism
While patriotism is a less common motivator among bug hunters, it's a driver for hackers who want to serve as positive representations of their countries. This is especially relevant for hackers from countries that aren't known for their contributions to information security, says Mickos. Bug hunters want to show their country as a place that produces technically competent people of good intent.
Finally, bug hunters get into the field simply because they enjoy it.
"You have many hackers who do it for the fun and for working together," says Mickos. "For them, it's a social endeavor." Many friends get together and hack in a group, forming a "task force" either in-person or online. Bonding together can increase productivity, he explains.
Finally, bug hunters get into the field simply because they enjoy it.
"You have many hackers who do it for the fun and for working together," says Mickos. "For them, it's a social endeavor." Many friends get together and hack in a group, forming a "task force" either in-person or online. Bonding together can increase productivity, he explains.
Who are bug bounty hunters? Why do they seek vulnerabilities? What motivates their work and how do these motivators change over time as they spend more time in the field?
The answers to these questions can be found in a recent Bugcrowd report titled "Inside the Mind of a Hacker." Researchers polled bug hunters to learn more about where they come from, their professional and educational background, their hacking experience, and what motivates them.
Results revealed today's bug hunters represent a broad range of skill sets and expertise. Nearly all (95%) of survey respondents felt they had intermediate or advanced knowledge of web app testing, 48% of Android, 28% in iOS, and 15% in IoT.
As a whole, the hacker community is relatively young. Nearly 60% of respondents were between 18 and 29 years old, and 34% were between 30 and 44.
Most respondents either identified as students or are employed outside of bug hunting, but 15% identified themselves as full-time bug hunters, and many respondents reported they aspire to become full-time bug hunters in the future. Bugcrowd anticipated the number of full-timers is poised to grow.
Similar findings were discovered in the 2016 Bug Bounty Hacker Report from HackerOne. In this survey, 90% of respondents were under 34 years old and 43.5% were between 18 and 24 years old. They also reported a preference for web apps, with 77% stating these were their favorite hacking target.
So what motivates hackers to hunt for bugs?
The Bugcrowd report discovered there are several motivators driving bug bounty hunters. However, key motivators vary depending on the hacker's profession, experience level, and career aspirations.
For example, bug hunters new to the field are primarily motivated by intellectual challenge and fun. Some of them entered the field because their friends were doing it; others tried hacking to test themselves and soon realized they had a talent for it.
In contrast, hackers who have spent more time in the industry are experienced enough to rely on bug bounty hunting for most of their income. They are primarily motivated by financial reward.
Here, we dive into some of the most common motivators among bug bounty hunters. What drives hackers to hack? Read on to learn more.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024