I’ve made over $588k on Bug Bounty so far
How much one can earn on Bug Bounty?
In the beginning, I suggest looking at the statistics of HackerOne itself. It’s not the most recent, but it shows the trend nice.
According to it, by 2019:
⁃ more than 1 million researchers have registered on the platform;
⁃ more than 9,000 of them earned at least something;
⁃ more than 200 people have earned more than $100,000;
⁃ 9 people earned more than $1 million.
I also know that now there is at least 1 person who has earned more than $2 million.
I would like to separately mention Sergey Toshin (bagipro) from Moscow, he became one of those who were able to earn more than $1 million on H1. In addition to the fact that I’m just glad that he is from Russia, I want to note his unusual approach to finding vulnerabilities.
As far as I know (I don’t know him personally, I just read a few interviews and saw his disclosed reports) — all this time he was researching exclusively mobile applications. As a result, he even launched his own startup for analyzing the security of mobile applications, which he financed from his income in a bug bounty.
My own Bug Bounty overall income
As for me, my income for 3 years of full-time work was:
⁃ $91 thousand for 2019;
⁃ $229 thousand for 2020;
⁃ $252 thousand for 2021.
And in total, for the entire time of my work, I managed to earn $588 thousand:
I want to immediately note that going into this area solely for money, having no interest, is a disastrous approach. My opinion is that here, as in any profession, only a person who sincerely enjoys work can achieve significant success.
If you love my posts you can subscribe me on Patreon (from $1 per month): https://www.patreon.com/skavans
All my posts (including this one) are first published in my Telegram channel. Beyond, there is a lot of exclusive content about being a full-time Bug Bounty Hunter. Subscribe:
