Who is the "ethical hacker" and how does he operate?

Ethical hacker, bug hunter, or hacker—these are all terms used to describe a cybersecurity expert who searches for vulnerabilities in digital assets in exchange for rewards.

Often marginalized for being confused with cybercriminals, hackers are gaining increasing recognition in the cybersecurity market through Bug Bounty programs.

In fact, the hacker community is advocating for an end to terms like "ethical hacker" because they carry a negative connotation. A hacker is an expert capable of finding vulnerabilities and security flaws, usually working for companies themselves. The criminal who uses this knowledge is called a cybercriminal, also known as a “cracker.” Thus, the term "ethical hacker" can be considered redundant and only reinforces stereotypes.

In Brazil, the TSE (Superior Electoral Court) relied on hackers to test the security of electronic voting machines that will be used in the 2024 municipal elections. The goal of this initiative is to ensure the security, transparency, and integrity of the voting machines, which is a strong testament to the credibility hackers are gaining.

Additionally, major companies like Google, Microsoft, and OpenAI have publicly stated that they rely on hackers’ expertise to find vulnerabilities in their products and systems.

Curious to learn more about the so-called "ethical hacker"? Then, stay tuned for the next topics in this article and get to know more about this essential digital security professional.

Who is the "ethical hacker"?

A hacker is a cybersecurity expert responsible for identifying vulnerabilities in digital assets through technical intrusion skills.

Most often, hackers work in bug bounty programs, collaborating with a network of professionals and companies aiming to improve the security of their digital assets.

At BugHunt, hackers are called BugHunters. Currently, the BugHunters community consists of more than 20,000 specialists.

It’s worth noting that there are many paths to becoming what is popularly known as an “ethical hacker.” The "Raio X dos BugHunters"—a study on these professionals—revealed that 48% of hackers partnered with BugHunt have a background in cybersecurity, 33% in IT, 6.7% in computer engineering, and 11.7% in other fields.

Another finding from the Raio X shows who these hackers are: 41.7% of BugHunters are between 17 and 24 years old. In other words, hackers are part of a new generation of digital security professionals, bringing a fresh perspective to the field.

What does a hacker do?

In general, a hacker's main role is to identify vulnerabilities in systems, applications, and IT infrastructures. This can involve code analysis, network traffic analysis, and searching for improper configurations.

This means that hackers are responsible for inspecting and testing the online assets of public and/or private organizations for potential security flaws. Their goal is to alert companies so they can fix their vulnerabilities before a cybercriminal exploits them.

Thus, hackers act as true partners to companies, helping them proactively protect against digital threats.

In Bug Bounty programs, hackers play a crucial role in protecting companies. These experts are responsible for identifying and reporting the vulnerabilities they find so that companies can gain more visibility over their weak points and know how to plan their digital security strategies.

How much does a hacker earn?

There is no set amount for how much a hacker can earn. This is because their income varies depending on the rewards offered by each Bug Bounty program.

The highest recorded reward for a vulnerability report was paid by Google, totaling $605,000 for a critical exploitation chain report.

In Brazil, the highest bug reward so far was R$28,000, paid for a vulnerability that put a company's operations at risk as part of BugHunt’s private program.

Additionally, the "Raio X dos BugHunters" revealed that 45% of BugHunters earn more than R$5,000, and 78% of hackers are seeking extra income.

Did you enjoy learning more about hackers? Then visit the BugHunt blog to understand more about how the Bug Bounty program works and see the impact these professionals have on companies.