Business Wire

HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally


HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.

With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.

Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounties rewards were over $10,000 USD.

“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”

The 2017 Hacker-Powered Security Report Key Findings:

  • Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
  • Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
  • Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
  • Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
  • Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.

The most authoritative report on bug bounties and hacker-powered security

The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.

The full report is available at:

About HackerOne

HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.

Contact information

Lauren Koszarek
Bateman Group
Margaret Pack, 619-609-3919

Tietoja julkaisijasta

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Tilaa tiedotteet sähköpostiisi

Haluatko tietää asioista jo ennen kuin ne uutisoidaan? Kun tilaat tiedotteemme tältä julkaisijalta, saat ne sähköpostiisi yhtä aikaa suomalaisen median kanssa. Tilauksen voit halutessasi perua milloin tahansa.

Lue lisää julkaisijalta Business Wire

JustPremium Launches Rich Video Product Suite19.3.2018 11:00Tiedote

Programmatic rich media and video ad marketplace, JustPremium, has today announced the launch of a new product suite, Rich Video. The new offering allows clients to build multiple rich video ad units with a single click using the advertisers existing assets. Using Rich Video allows advertisers to create an engaging advert, leading to higher engagement and interaction rates. Ultimately these formats help create a better user experience and a higher return on investment. JustPremium launches this product at a time when quality video inventory has never been more in demand, and brand-safe video inventory that advertisers require has never been in shorter supply. Rich Video allows publishers to build multiple creative ad units in minutes, enabling them to test different options and optimise their message to give the best performance. By utilising the assets that have already been created for Facebook, Adwords and YouTube, this process allows advertisers to supercharge their existing conten

GovSat-1 Satellite Goes Operational19.3.2018 10:40Tiedote

GovSat-1 enters operational service today, to provide secure communications to governmental and institutional users. GovSat-1 is the first satellite of GovSat, a public private partnership between the Government of Luxembourg and the world-leading satellite operator SES. The satellite was launched into space on 31 January on board a flight-proven SpaceX Falcon 9 rocket from Cape Canaveral Air Force Station, and has since undergone extensive testing. This press release features multimedia. View the full release here: GovSat-1 launch. (Photo: SpaceX) The multi-mission satellite is operated by GovSat from the Secure Mission Operations Centre in Luxembourg. The highly flexible and resilient GovSat-1 payload uses dedicated frequencies in X-band and military Ka-band. It enables an array of applications such as connectivity for theatres of operation, interconnection of institutional or defence sites, border control, Intelligence, Surve

Digi Communications N.V.: Announcement on the Convocation Date for the Company’s GSM Approving the 2017 Annual Report19.3.2018 10:34Tiedote

The Company would like to inform its investors and the market that the Board of Directors anticipates that on Wednesday, 21 March 2018, it will convene the general shareholders meeting (the “GSM”) called to approve, among others, the 2017 Annual Report. On the same date, the Company will make public, among others, its 2017 Annual Report and the auditor’s report. In accordance with the provisions of the articles of association of the Company, the GSM is scheduled to take place on 2 May 2018. Therefore, we would like to inform you with respect to the update to the Company’s Financial Reporting Calendar for 2018, which is available on Digi’s website. For details, please access the Digi’s website: (Investor Relations Section). About Digi Communications NV Digi is the parent holding company of RCS & RDS, a leading provider of pay TV and telecommunications services in Romania and Hungary. In addition, RCS & RDS provides mobile services as an MVNO to the large Roman

Dai Nippon Printing Chooses Gemalto’s Biometric Facial Recognition Solution to Facilitate Mobile Banking Access in Japan19.3.2018 09:00Tiedote

Gemalto, the world leader in digital security, today announced that it has been selected by Dai Nippon Printing (DNP), a financial solutions provider in Japan, to make mobile banking transactions easier to use. Leveraging Gemalto’s facial biometric authentication solution - Mobile Protector- DNP has started to offer facial recognition to secure access to its mobile banking apps. This enables banking customers to easily and quickly log on to mobile banking services upon successful facial authentication, providing a more convenient user experience. This press release features multimedia. View the full release here: Facial recognition for mobile banking authentication. (Photo: Gemalto) Gemalto’s 2017 eBanking Trends research found that 68 percent of banks plan to implement facial recognition over the next five years. 80 percent of surveyed consumers perceived biometrics to be more secure than the traditional username and password co

Gemalto Helps European Banks Build Business Opportunities from PSD219.3.2018 09:00Tiedote

Gemalto, the world leader in digital security, believes that the implementation of PSD2 (Payment Services Directive 2) offers European banks a unique opportunity to deliver digital innovation, robust protection and seamless user experience that will be critical in a new era of open markets. The Regulatory Technical Standards (RTS) have just been published in the EU Official Journal, and detail the responsibilities and obligations of all banking and payment stakeholders concerning access to account, customer data protection, user convenience, and payment security. Gemalto believes that long term success will be built around solutions tailored to individual requirements, whilst drawing on products and services already proven to deliver the core principles of PSD2. This press release features multimedia. View the full release here: Solutions to help financial institutions for implementation of PSD2. Credit: istockphoto Adoption of t

ExThera Medical Announces Creation of European Subsidiary19.3.2018 08:23Tiedote

ExThera Medical Corporation, a developer of therapies for removing bacteria and viruses from blood, today announced the company’s plan to create ExThera Medical Europe and appointed Carla Kikken-Jussen as managing director of the new wholly-owned subsidiary. Carla brings more than 30 years of experience in clinical research and the commercialization of new medical devices in the European market to ExThera Medical, where she will oversee the strategic direction for ExThera’s European operations. “The establishment of our European subsidiary is an exciting milestone as we prepare for commercialization,” said Robert Ward, President and CEO of ExThera Medical. “Carla has a distinguished track record in medical device development and commercialization, including overseeing clinical research, regulatory affairs, quality assurance, and operations. As CEO of her company, Meditech, she successfully supported the rapid clinical adoption of many new medical devices. Carla’s strategic leadership w

Uutishuoneessa voit lukea tiedotteitamme ja muuta julkaisemaamme materiaalia. Löydät sieltä niin yhteyshenkilöidemme tiedot kuin vapaasti julkaistavissa olevia kuvia ja videoita. Uutishuoneessa voit nähdä myös sosiaalisen median sisältöjä. Kaikki STT Infossa julkaistu materiaali on vapaasti median käytettävissä.

Tutustu uutishuoneeseemme