Business Wire

HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally

HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.

With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.

Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.

“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”

The 2017 Hacker-Powered Security Report Key Findings:

  • Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
  • Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
  • Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
  • Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
  • Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.

The most authoritative report on bug bounties and hacker-powered security

The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.

The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report

About HackerOne

HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.

Contact information

HackerOne
Lauren Koszarek
lauren@hackerone.com
or
Bateman Group
Margaret Pack, 619-609-3919
hackerone@bateman-group.com

About the publisher

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
