HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally
27.6.2017 17:00 | Business Wire
HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded -- the world’s largest platform dataset.
With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security-conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report.
Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounty rewards were over $10,000 USD.
“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.”
The 2017 Hacker-Powered Security Report Key Findings:
- Bug bounties aren’t just for technology companies. While over half of bug bounty programs launched in 2016 were by technology companies, 41 percent were from other industries. Verticals showing significant year-over-year growth include government agencies, like the U.S. Department of Defense, media and entertainment, financial services and banking, and ecommerce and retail.
- Customers’ security response efficiency is improving: The average time to first response for security issues is 6 days in 2017, compared to 7 days in 2016. Ecommerce and retail organizations fix security issues in four weeks, the fastest on average.
- Responsive programs attract top hackers. Programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities are the most attractive to hackers. Loyalty matters — repeat hackers are to thank for the majority of valid reports.
- Bounty payments are increasing. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015 — an increase of 16 percent. The top performing bug bounty programs award hackers an average of $50,000 USD a month, with some paying around $900,000 a year.
- Vulnerability disclosure policies. Despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies still do not have known vulnerability disclosure policies — unchanged from 2015.
The most authoritative report on bug bounties and hacker-powered security
The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more.
The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.