HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.