HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
27.6.2017 17:00:00 EEST | Business Wire | Press release
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounties rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
About HackerOne
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170627005599/en/
Contact information
HackerOne
Lauren Koszarek
lauren@hackerone.com
or
Bateman
Group
Margaret Pack, 619-609-3919
hackerone@bateman-group.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Vertex Presents New Data on ALYFTREK ® at European Cystic Fibrosis Conference5.6.2026 19:00:00 EEST | Press release
Vertex Pharmaceuticals Incorporated (Nasdaq: VRTX) today announced data demonstrating the potentially transformative impact of treating cystic fibrosis (CF) with ALYFTREK ® (vanzacaftor/tezacaftor/deutivacaftor) in children ages 2 to 5, as well as data from 96-week interim analyses of two open-label extension studies of ALYFTREK in children 6 to 11 years and people 12 years and older demonstrating the long-term safety and efficacy profile of the medicine. The data, presented at the European Cystic Fibrosis Conference, show children ages 2 to 5 with vanzacaftor/tezacaftor/deutivacaftor-responsive genotypes including those who are homozygous for the F508del mutation (F/F) and those who have F508del/minimal function mutations (F/MF)on ALYFTREK had further improvement in CFTR function from a TRIKAFTA ® baseline as measured by sweat chloride (SwCl), with 65% having achieved SwCl <30 mmol/L after treatment with ALYFTREK. Vertex also presented Phase 3 data of children ages 1 to <2 with TRIKAF
Owkin to Build AI Agents as Part of a Multi-Year K Pro Collaboration with Sanofi5.6.2026 14:00:00 EEST | Press release
Owkin, the agentic AI company pioneering Biological Artificial Superintelligence to transform drug discovery and development, today announced a multi-year collaboration with Sanofi to co-develop next-generation biopharma agents, to be backed by a five-year license for K Pro, Owkin’s AI Scientist. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260605704506/en/ K Pro, Owkin's AI scientist for biology, powered by multimodal patient data for smarter biopharma decision making. Owkin and Sanofi have collaborated since 2021 through a €90 million strategic partnership focused on target identification in oncology and patient subgrouping. The collaboration was later expanded to include drug positioning for Sanofi’s immunology pipeline. This new collaboration represents the next evolution in the partnership. During the five-year collaboration, Owkin will lead the end-to-end development of novel AI-driven biopharma agents purpose-built
DFNS Rebrands as the Core Banking Platform for Digital Assets5.6.2026 13:41:00 EEST | Press release
DFNS today announced a rebrand, marking its evolution from a wallet infrastructure to the first core banking platform for digital assets. The company is introducing a new logo, website, and market position as fintechs and institutions move their products and operations onchain. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260603859127/en/ Banks, fintechs, asset managers, trading firms, payment providers, market infrastructures, and clearing houses have stopped asking how to "add crypto." They're asking how to run financial products, controls, workflows, and client services on blockchain rails, with the reliability expected of core infrastructure. Some are going further still, exploring whether the blockchain can serve as the ledger itself, where an account is an onchain object rather than a row in a database. Where IBANs, virtual accounts, and blockchain wallets converge into one governed financial account. “DFNS was built
Compass Pathways Announces New Employee Inducement Grants Under Nasdaq Listing Rule 5635(c)(4)5.6.2026 13:30:00 EEST | Press release
Compass Pathways plc (Nasdaq: CMPS), a biotechnology company dedicated to accelerating patient access to evidence-based innovation in mental health, announced today that Compass granted equity awards under the Compass Pathways plc 2026 Inducement Plan to seventeen newly hired non-executive employees. The equity awards were granted on June 1, 2026 and consisted of options to purchase an aggregate of 157,000 shares and restricted share units or, in the case of employees in the United Kingdom nominal cost options, covering an aggregate of 74,700 shares. The options have an exercise price per share equal to $14.19, the closing price of the Company’s American Depositary Shares on the Nasdaq Global Select Market on the grant date, and will vest over a four-year period with 25% vesting on the first anniversary of the date of the grant and the remaining 75% vesting in equal monthly installments over the three-year period thereafter, subject to each employee’s continued employment. The restrict
Renewable Electricity, Soft Wheat Flour From Regenerative Agriculture, Initiatives to Support Local Communities: Barilla Shares These and Other Projects in “Stories of Sustainability.”5.6.2026 11:00:00 EEST | Press release
A slimmer Tagliatelle pack that saves 150 tons of cardboard and cuts transport-related CO₂ emissions by 20%1; ready-made sauce jars made with around 65% recycled glass; the progressive scaling of regenerative agriculture practices across Barilla’s value chain and initiatives supporting inclusion and equal opportunities across the Group’s production sites and communities. These are just some of the “sustainability” stories the Barilla Group is sharing on World Environment Day with the publication of its 2025 Sustainability Report. The report comes just after Barilla was named the world’s most reputable company in the food sector for the third year running and, for the first time, ranked among the global top 10 in the Global RepTrak 100 2026. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260603162436/en/ “The future of the planet will increasingly depend on our ability to spread culture and education,” says Paolo Barilla, Vic
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom