According to data by Hackerone, ethical hackers earned $44,754,742 million collectively from bug bounties in the last 12 months. In total, hackers reported 60,000 valid vulnerabilities. Hackers received $979 on average per single vulnerability. The numbers are based on data extracted from over 2,000 bug bounty and vulnerability disclosure programs available on HackerOne from May 2019 to April 2020. 

More findings:

  • Over the last year, hackers reported 60,000 valid vulnerabilities and collected $44,754,742 million in bug bounty winnings.
  • Hackers received $979 on average per single vulnerability.
  • The United States remains the top payer of bounties, rewarding hackers $39,125,265 in the past year, which accounts for 87% of the total amount of bounties paid.
  • Up next is Russia, which granted $887,236 in bounty rewards to hackers.
  • Organizations from the UK round out the top 3, with $559,215 paid to hackers as bounty rewards in the past 12 months.
  • When it comes to the hackers themselves, US hackers are leading the way — together they earned $7,204,299.
  • Chinese hackers come in second, commanding $5,355,683.
  • Chinese hackers are closely followed by Indian hackers, who netted $4,401,251.
  • The top two most paying industries include computer software ($16,263,982) and internet service sectors ($16,079,195).