Business Wire

HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally


HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.

With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.

Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.

“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”

The 2017 Hacker-Powered Security Report Key Findings:

  • Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
  • Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
  • Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
  • Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
  • Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.

The most authoritative report on bug bounties and hacker-powered security

The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.

The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report

About HackerOne

HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.

Contact information

HackerOne
Lauren Koszarek
lauren@hackerone.com
or
Bateman Group
Margaret Pack, 619-609-3919
hackerone@bateman-group.com

About Business Wire

Business Wire
24 Martin Lane
EC4R 0DR London

+44 20 7626 1982
http://www.businesswire.co.uk

Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
