Security researchers from around the world last year reported over 100,000 valid vulnerabilities in software and systems belonging to organizations signed up with the HackerOne crowdsourced vulnerability disclosure platform. Together the researchers earned more than $19 million in bounties in 2018 — or nearly the same amount as the combined total paid out to hackers over the past six years under the HackerOne program. A survey-based report that HackerOne released Friday shows the number of white-hat hackers registered under the program doubled year over year to 300,000. "India and the US remain the top hacker locations year over year, but their majority is decreasing as hackers across the globe sign up for bug-bounty programs." In fact, the SECURE Technology Act (HR 7327), which President Trump signed into law last December, even authorizes the US Department of Homeland Security to establish a program that will let ethical hackers report bugs in federal government systems. Some top hackers in HackerOne's programs are making 40 times the median annual wage for security engineers in their home countries, according to the company.