A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country.
The reported numbers are different for each country and may depend on a bug hunter's ability to find bugs, but the survey's results highlight the rising popularity of bug hunting as a sustainable profession, especially in less developed countries, where it can help talented programmers live a financially care-free life.
According to HackerOne's report, it pays to be a vulnerability researcher in India, where top bug hunters can make 16 times more than the average salary of a software engineer.
Other countries where bug hunting can assure someone a comfortable living are Argentina (x15.6), Egypt (x8.1), Hong Kong (x7.6), the Philippines (x5.4), and Latvia (x5.2).
But bug hunting is also a sustainable profession in developed countries, though the differences between average yearly bug bounty payouts and a software engineer's average salary are far smaller.
For example, a top bug bounty hunter makes 2.4 times more than the average software engineer in the US, 2.5 times more than one in Canada, 1.8 times more than one in Germany, and 1.6 times more than software engineers in Israel.
More details about the profession of bug bounty hunting and other vulnerability research statistics are available in HackerOne's 40-page 2018 Hacker Report.
If you don't have the time to peruse the report, below are some of its key findings: