HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.