
HackerOne: Hackers Earned $11.7M in Last 12 Months

July 12, 2018

HackerOne released findings from the 2018 Hacker-Powered Security Report, based on over 72,000 resolved security vulnerabilities, 1,000 customer programs and more than $31 million in bounties awarded to hackers from over 100 countries. The annual report is a benchmark study of the bug bounty and vulnerability disclosure ecosystem based on the largest data set of reported vulnerabilities.

Hackers are finding more severe vulnerabilities than ever before. The total number of high or critical severity vulnerabilities increased by 22 percent in 2017. Furthermore, 24 percent of resolved vulnerabilities were classified as high to critical severity across industries. As a result, bounties for high-impact findings are rising. The top bounty awarded for a single report reached $75,000 in 2017. The most competitive programs, such as those run by Google, Microsoft and Intel, are offering $250,000 bounty awards for critical issues. Meanwhile, false positives are becoming a relic of the past: Signal is 80 percent platform-wide, meaning 80 percent of submitted and qualified reports are valid.

Here’s a quick review of some of the statistics you’ll find in the report:

Over $31M has been awarded to hackers as of June 2018 with $11.7M awarded in 2017 alone.

A total of 116 unique bug reports earned bounties over $10,000 in the past year, with the average amount paid for critical issues rising to over $2,000. Organizations are now offering as much as $250,000.

Governments are leading the way with a 125 percent increase year over year. New public programs, including the European Commission and the Ministry of Defense Singapore among others, have joined the U.S. Department of Defense on HackerOne.

Global adoption continues and Latin America is realizing the largest uptake of vulnerability disclosure policies and bug bounty programs, with an increase of 143% year over year.

93% of the Forbes Global 2000 list do not have a policy to receive, respond, and resolve critical bug reports submitted by the outside world.

Less than 5% of hackers learn their skills in the classroom - hackers want more education.

“Crowdsourced security testing is rapidly approaching critical mass, and ongoing adoption and uptake by buyers is expected to be rapid,” Gartner reported. Governments are leading the way with adoption globally. In the government sector there was a 125 percent increase year over year, with new program launches including the European Commission and the Ministry of Defense Singapore joining the U.S. Department of Defense on HackerOne. Proposed legislation such as the Hack the Department of Homeland Security Act, the Hack Your State Department Act, the Prevent Election Voting Act, and the Department of Justice Vulnerability Disclosure Framework further demonstrates public sector support for hacker-powered security.

Industries beyond technology continued to increase their share of the overall hacker-powered security market. Consumer Goods, Financial Services & Insurance, Government, and Telecommunications account for 43 percent of today’s bug bounty programs. Automotive programs increased 50 percent in the past year and Telecommunications programs increased 71 percent. Enterprises across industries saw a 54 percent year-over-year increase in VDP adoption. Still, leading organizations remain vastly underprepared for effective discovery, communication, remediation, and disclosure of vulnerabilities, as 93 percent of the 2017 Forbes Global 2000 list do not have a policy to receive, respond to, and resolve critical bug reports submitted by third parties.

“The world is embracing the highly skilled and creative hacker community to help reduce cyber risk,” said Marten Mickos, CEO of HackerOne. “A model once reserved for the largest, tech-advanced companies in the world is now being implemented by organizations of any size, industry and connected corner of the globe. Hacker-powered security is reaching critical mass, and everyone is benefitting from a more secure internet.”

The 2018 Hacker-Powered Security Report examines data collected from over 1,000 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 72,000 resolved vulnerabilities, plus insight from HackerOne’s community of over 200,000 registered hackers. HackerOne also analyzed VDP data from the Forbes Global 2000 to better understand hacker-powered security adoption.

Terms of Use | Copyright © 2002 - 2018 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement