Half of survey respondents used bug bounty programmes to increase their security knowledge
Software is a massive industry, enabling fast, reliable operations even when everyone is working from home. Protecting those vital systems is key to ensuring work can continue; however, security professionals are increasingly finding that on-the-job training is not enough when it comes to keeping up with the rising scale and sophistication of attacks.
According to a new survey of nearly 1,200 ethical hackers by vulnerability disclosure platform Intigriti, security professionals are turning to bug bounty programmes - whereby white hat hackers can legally report bugs to an organisation for a reward - to keep their skills and knowledge up to date.
Half of the respondents to Intigriti's survey said they used bug bounty hunting to learn useful, relevant knowledge, compared to just 11% who said their job was their primary source. That makes bounty hunting the second-most-popular resource for developing general information security, just after the element that is tried and true across industries: practice.
The same was true for traditional education. Seventy-eight per cent of respondents said bounty hunting was the best resource for building a toolset of information about security, versus 8% who favoured a school, college or university.
The survey results may indicate that bug bounty hunting is a valid path to tackle the cybersecurity skills shortage: 32% of respondents were students, and 86% described themselves as 'part-time' bounty hunters.
The pandemic has also helped drive more people towards the practice. In comparison to a similar survey from pre-pandemic, 59% of respondents said they are spending more time bounty hunting - with 74% saying they were doing so to increase their skills, and just over half (53%) saying they saw it as a path to increase their earnings.
Intigriti's Head of Hackers, Inti De Ceukelaire, said:
"The work-from-home culture has made employees desire more independence and has further encouraged digital nomads to pursue a remote working career. Bug bounty platforms can not only facilitate this, but they also allow people to work wherever they want, whenever they want, and without having to rely on a boss to match their talents with customers or be part of a corporate hierarchy."