HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.