One-quarter of ethical hackers don't bother reporting vulnerabilities that they find because the affected company does not have a clearly discernible reporting policy.
That's according to HackerOne's '2018 Hacker Report', which questioned 1,698 members of the hacking community, making it the largest documented survey ever conducted of the ethical hacking community.
One of the main discoveries was that almost 25 per cent of respondents said they felt unable to disclose a security flaw because the organisation in question lacked an apparent vulnerability disclosure policy.
This doesn't mean that hackers don't try. HackerOne notes that many attempt to contact firms via social media and email, but are "frequently ignored or misunderstood".
However, 72 per cent of those quizzed said that companies are becoming more open to receiving vulnerabilities than they were before.
Unlike a bug bounty program, such as those offered by Intel, Google, Microsoft and Samsung, a vulnerability disclosure policy does not offer hackers financial incentives for their findings, HackerOne notes. Despite this, the US Department of Defense resolved almost 3,000 vulnerabilities without offering ethical hackers the incentive of a cash reward.
Bug bounties are where the big money's at, though. The report reveals that 12 per cent of hackers on HackerOne make $20,000 or more annually from bug bounties, more than three per cent take home more than $100,000 per year, and 1.1 per cent are making more than $350,000 annually.
One-quarter of hackers rely on bounties for at least 50 per cent of their annual income, and 13.7 per cent say the bounties they earn represent 90-100 per cent of their annual income.
HackerOne notes that the top hackers based in India earn 16 times the median salary of a software engineer via bug bounty programmes.
At the same time, though, many aren't using the windfall to fund purchases of vintage champagne and Lamborghinis. One-in-four say they have donated their bounty to charity rather than trousering it for themselves.
Indeed, the report suggests that money is no longer hackers' top reason for, er, hacking either, with respondents claiming that they are motivated by the opportunity to learn tips and techniques, with "to be challenged" and "to have fun" tied for second.