One-quarter of ethical hackers don't bother reporting vulnerabilities that they find because the affected company does not have a clearly discernible reporting policy.
That's according to HackerOne's '2018 Hacker Report', which questioned 1,698 members of the hacking community, making it the largest documented survey ever conducted of the ethical hacking community.
One of the main discoveries was that almost 25 per cent of respondents said they felt unable to disclose a security flaw because the organisation in question lacked an apparent vulnerability disclosure policy.
This doesn't mean that hackers don't try. HackerOne notes that many attempt to contact firms via social media and email, but are "frequently ignored or misunderstood".
However, 72 per cent of those quizzed said that companies are becoming more open to receiving vulnerabilities than they were before.
Unlike a bug bounty program, such as those offered by Intel, Google, Microsoft and Samsung, a vulnerability disclosure policy does not offer hackers financial incentives for their findings, HackerOne notes. Despite this, the US Department of Defense resolved almost 3,000 vulnerabilities without offering ethical hackers the incentive of a a cash reward.
Bug bounties are where the big money's at, though. The report reveals that 12 per cent of hackers on HackerOne make $20,000 or more annually from bug bounties, more than three per cent take home more than $100,000 per year, and 1.1 per cent are making more than $350,000 annually.
One-quarter of hackers rely on bounties for at least 50 per cent of their annual income, and 13.7 per cent say their bounties earned represents 90- 100 per cent of their annual income.
HackerOne notes that the top hackers based in India earn 16-times the median salary of a software engineer via bug bounty programmes.
At the same time, though, many aren't using the windfall to fund purchases of vintage champagne and Lamborghinis. One-in-four say they have donated their bounty to charity rather than trousering it for themselves.
Indeed, the report suggests that money is no longer hackers' top reason for, er, hacking either, with respondents claiming that they do are motivated by the opportunity to learn tips and techniques, with "to be challenged" and "to have fun" tied for second.
ZenFone 5 Pro appears to boast a Snapdragon 845 SOC, an Adreno 630 GPU and 6GB of RAM
Pilot project will serve 300 homes to start with
The IoT faces significant compatibility challenges, which could be avoided for blockchain by adopting Hyperledger
Software engineers found the data writing bug via sparse disk images