HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report”, which examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded, the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving. The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.