HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
27.6.2017 17:00:00 EEST | Business Wire | Press release
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounties rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
About HackerOne
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170627005599/en/
Contact information
HackerOne
Lauren Koszarek
lauren@hackerone.com
or
Bateman
Group
Margaret Pack, 619-609-3919
hackerone@bateman-group.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Visa Opens the Door to AI-Driven Shopping for Businesses Worldwide8.4.2026 19:00:00 EEST | Press release
Visa Inc. (NYSE: V) today unveiled Intelligent Commerce Connect, a new solution that makes it easier for businesses to connect to and participate in AI-powered commerce. Intelligent Commerce Connect acts as a network, protocol, and token vault-agnostic ‘on ramp’ to agentic commerce for agent builders, merchants, and enablers. As consumers increasingly rely on AI agents to make purchases, businesses – whether they are building agents, selling to them, or processing transactions – need a simple way to get started. Intelligent Commerce Connect, part of the Visa Intelligent Commerce portfolio, meets that need. Through a single integration via the Visa Acceptance Platform, Intelligent Commerce Connect enables secure payment initiation, tokenization, spend controls, and authentication. The solution integrates both Visa Intelligent Commerce APIs, which are used to process agent purchases using Visa cards, and other networks’ APIs, allowing agents to pay with both Visa and non-Visa cards*. Thi
Andersen Consulting Strengthens Digital Transformation Capabilities Through Kyanon Consulting Collaboration8.4.2026 16:30:00 EEST | Press release
Andersen Consulting enhances its platform through a Collaboration Agreement with Kyanon Consulting, a Vietnam-based technology consulting firm known for delivering large-scale digital transformation solutions. Founded in 2025, as an arm of Kyanon Digital, Kyanon Consulting provides end-to-end digital and technology services to retail, banking and finance, and manufacturing organizations seeking to modernize operations, improve customer engagement, and accelerate growth. The firm delivers solutions across digital strategy, enterprise and product development, system integration, workflow automation, advanced analytics, and AI-driven insights for customer experience. “At Kyanon Consulting, our mission is to create digital impact that truly matters,” said Tai Huynh, founder of Kyanon Consulting. “We equip clients with the tools, insights, and innovation needed to strengthen resilience and unlock new opportunities. Collaborating with Andersen Consulting allows us to bring our capabilities t
Sumitomo Corporation, SMBC Aviation Capital, Apollo and Brookfield Complete the Acquisition of Air Lease Corporation8.4.2026 16:13:00 EEST | Press release
Sumitomo Corporation, SMBC Aviation Capital, Apollo-managed funds (“Apollo”) and Brookfield today announced that they have completed the previously announced acquisition of Air Lease Corporation (“Air Lease”) and have renamed the business Sumisho Air Lease Corporation (“Sumisho Air Lease”). This transformational transaction improves the financial position of the business with long term support and aviation expertise from co-investors Sumitomo Corporation, SMBC Aviation Capital, Apollo and Brookfield. Sumisho Air Lease’s strong foundation as an established aircraft lessor, supported by SMBC Aviation Capital’s industry‑leading capabilities as servicer, creates a platform with the scale and financial strength needed to meet the fast‑changing and increasingly complex requirements of airline customers. Sumisho Air Lease will also benefit from the deep expertise and long-standing commitment that both Sumitomo Corporation and SMBC Aviation Capital bring to the global aviation leasing sector.
Sitetracker Launches Scout, an Agentic AI Platform Purpose-Built for Critical Infrastructure8.4.2026 16:00:00 EEST | Press release
Sitetracker, the leading Asset Lifecycle Management platform for critical infrastructure, today announced the launch of Scout, its new Agentic AI platform designed to help infrastructure owners, operators, and contractors gain deep insights and drive automation within their operations. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260408923336/en/ Scout, ready for real work As your AI analyst and agent, Scout is ready to work on day 1. Scout provides clarity when decisions are forming and momentum when action is required. It surfaces risk, synthesizes information, and helps accelerate execution by connecting data and driving action. Scout creates operational intelligence and turns it into action all in a secure environment that protects data sovereignty. “Our customers are looking to create compounding competitive advantages,” said Giuseppe Incitti, Chief Executive Officer of Sitetracker. “Scout delivers by providing easy t
Westinghouse Hosts Annual VVER Fuel Forum with Customers8.4.2026 16:00:00 EEST | Press release
Westinghouse and MVM Paks Nuclear Power Plant (NPP) recently co-hosted the VVER Fuel Forum in Budapest to share insights and plans for the continued deployment of VVER-1000 and VVER-440 fuel in operating reactors. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260408646373/en/ Participants to the VVER Fuel Forum Péter János Horváth, CEO of MVM Paks, welcomed all the participants, highlighting that Hungary is ending two decades of single supplier fuel dependency thanks to the agreement recently signed with Westinghouse to supply the VVER-440 NOVA E-6 fuel design. Six customers presented the progress made and positive outcomes achieved in the past years with the introduction of Westinghouse fuel into mixed cores with resident fuel in their reactors: Energoatom has extensive experience with Westinghouse VVER-440 and VVER-1000 fuel, currently used in the nine reactors in operation. Ukraine will be the first country to operate en
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom