HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.