Artificial intelligence (A.I.) will play a greater role in discovering code vulnerabilities in the years ahead, suggests HackerOne’s latest survey of the hacker ecosystem. In addition, hackers want to participate more in companies' code-development processes.
HackerOne’s 2020 Hacker Report, which drew its information from 3,150 respondents in 120 countries and territories, suggests that companies are paying out more to hackers who discover vulnerabilities. HackerOne, which hosts bug bounties on its platform, claims in the report that hackers earned nearly $40 million in bounties last year, “almost equal to the entire amount awarded in all prior years combined.”
Although “bug bounties”—i.e., allowing crowds of hackers to pick through a platform or website, and paying out cash for any vulnerabilities discovered—are widely seen as a cost-effective way to quickly harden up security, there are systems that no company would want a cluster of strangers picking through, such as anything related to customer data. In other words, responsible companies regard bug bounties as just one part of their overall security setup, leaving sensitive work to cybersecurity professionals with the right mix of skills.
Yet despite some firms’ concerns about having a crowd running rampant through sensitive code, some 74 percent of those hackers surveyed by HackerOne believe that businesses will gradually invite them to ferret out vulnerabilities during the development phase.
More hacking opportunities would obviously mean more cash in the pockets of bug-hunters around the world. According to the Hacker Report, some 22 percent of respondents said 100 percent of their income came from hacking; overall, some 53 percent of respondents said at least 50 percent of their income derived from it. No wonder many of them want companies to open up even more.
Cybersecurity and A.I.
Moreover, some 62 percent of the Hacker Report’s respondents believe that artificial intelligence (A.I.) will play a bigger role in discovering vulnerabilities. That aligns with the belief of many within the professional cybersecurity community that A.I. will become increasingly vital as threats grow in sophistication over the next several years.
For those who want to make a career out of cybersecurity, staying abreast of trends such as A.I. and machine learning is vital. It’s also important to study which jobs will incorporate a growing cybersecurity component in the years ahead. To that end, we analyzed data from Burning Glass, which collects and analyzes job-posting data from across the country, and found the following:
Last year, research firm CompTIA reported that 25 percent of companies are looking for significant improvement in cybersecurity skill sets. Given the consequences of a data breach, it seems likely that the demand for skills will only increase. Whether you’re a bug hunter on the outside or a member of a firm’s cybersecurity staff, protecting infrastructure from attackers could end up proving quite lucrative.