HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.