HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.