HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounties rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
About HackerOne
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170627005599/en/
Contact information
HackerOne
Lauren Koszarek
lauren@hackerone.com
or
Bateman
Group
Margaret Pack, 619-609-3919
hackerone@bateman-group.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
The Coca-Cola Company Names New Leader for Europe Operating Unit18.7.2025 22:00:00 EEST | Press release
The Coca-Cola Company today announced that Luisa Ortega will become president of the Europe operating unit effective Sept. 1, succeeding Nikos Koumettis, who will retire in 2026 after a 25-year career with the company. Koumettis will remain with the company through Feb. 28, 2026, as a senior advisor. He will also serve on the board of directors of Hindustan Coca-Cola Beverages Pvt. Ltd., a company-owned bottler in India. Ortega joined Coca-Cola in 2019 and currently serves as president of the Africa operating unit. In this role, she leads a complex business that operates across 54 markets. Koumettis has led the Europe operating unit since it was created in 2021. “Luisa has done an outstanding job leading our African business, where our system has continued to make major investments to serve growing markets on the continent,” said Henrique Braun, Executive Vice President and Chief Operating Officer of The Coca-Cola Company. “As head of Europe, she will bring great international experien
NFL Running Back Derrick Henry Joins Amazfit as Athlete Ambassador18.7.2025 16:00:00 EEST | Press release
Amazfit, a leading global smart wearables brand owned by Zepp Health (NYSE: ZEPP), announced Baltimore Ravens running back Derrick Henry as the newest elite athlete to join its growing roster of ambassadors. Known for his rare combination of speed and strength, Henry will utilize Amazfit wearables to power every phase of his training, recovery and sleep as he prepares for his 10th NFL season. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250718322498/en/ Derrick Henry is the newest elite athlete to join Amazfit's growing roster of ambassadors. As one of the most prolific running backs of his generation, Henry has amassed an impressive array of accolades during his career, including NFL Offensive Player of the Year, two rushing titles, and five Pro Bowl selections. With Amazfit as his official smart wearable partner, the former Heisman winner will integrate advanced health and fitness tracking into his training regimen and r
Qualcomm Announces Quarterly Cash Dividend18.7.2025 16:00:00 EEST | Press release
Qualcomm Incorporated (NASDAQ: QCOM) today announced a quarterly cash dividend of $0.89 per common share, payable on September 25, 2025, to stockholders of record at the close of business on September 4, 2025. About Qualcomm Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Building on our 40 years of technology leadership in creating era-defining breakthroughs, we deliver a broad portfolio of solutions built with our leading-edge AI, high-performance, low-power computing, and unrivaled connectivity. Our Snapdragon® platforms power extraordinary consumer experiences, and our Qualcomm Dragonwing™ products empower businesses and industries to scale to new heights. Together with our ecosystem partners, we enable next-generation digital transformation to enrich lives, improve businesses, and advance societies. At Qualcomm, we are engineering human progress. Qualcomm Incorporated includes our licensin
MultiBank Group Confirms $MBG Token Listings on MEXC and Gate.io on TGE Day in Addition to MultiBank.io and Uniswap18.7.2025 15:34:00 EEST | Press release
MultiBank Group, the world’s largest & most regulated financial derivatives institution, is proud to announce that its highly anticipated $MBG Token will be listed on two new major global cryptocurrency exchanges — MEXC and Gate.io — on the day of its official Token Generation Event (TGE), July 22, 2025, in addition to MultiBank.io and Uniswap. The $MBG Token will go live on: MultiBank.ioGate.ioMEXCUniswap This new dual listing will allow millions of users across both exchanges to seamlessly access and trade $MBG using their existing accounts, ensuring immediate market participation at launch. The Token Generation Event (TGE) is now approaching following the successful completion of two pre-sale rounds, where MultiBank Group issued 7 million tokens in Round 1 and 3 million tokens in Round 2 — both of which sold out within minutes. Naser Taher, Chairman and Founder of MultiBank Group said “With $MBG, we’re introducing a utility token built to deliver real-world value, transparency, and
SLB Announces Second-Quarter 2025 Results18.7.2025 13:50:00 EEST | Press release
SLB (NYSE: SLB) today announced results for the second-quarter 2025. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250716727689/en/ The exterior of the SLB headquarters in Houston, Texas. Second-Quarter Results (Stated in millions, except per share amounts)Three Months EndedChangeJun. 30, 2025Mar. 31, 2025Jun. 30, 2024SequentialYear-on-yearRevenue $8,546 $8,490 $9,139 1% -6% Income before taxes - GAAP basis $1,285 $1,063 $1,421 21% -10% Income before taxes margin - GAAP basis 15.0% 12.5% 15.5% 251 bps -52 bps Net income attributable to SLB - GAAP basis $1,014 $797 $1,112 27% -9% Diluted EPS - GAAP basis $0.74 $0.58 $0.77 28% -4% Adjusted EBITDA* $2,051 $2,020 $2,288 2% -10% Adjusted EBITDA margin* 24.0% 23.8% 25.0% 21 bps -103 bps Pretax segment operating income* $1,584 $1,556 $1,854 2% -15% Pretax segment operating margin* 18.5% 18.3% 20.3% 20 bps -175 bps Net income attributable to SLB, excluding charges & credits* $1,016
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom