Super Bug Hunters Collect Millions in Bounties

Super Bug Hunters Collect Millions in Bounties

Super Bug Hunters Collect Millions in BountiesSuper Bug Hunters Collect Millions in Bounties

Although the first bug bounty program was started by Netscape in 1995, enterprises have been slow to adopt them. That changed this year.

Enterprises Adopting Bug BountiesEnterprises Adopting Bug Bounties

Companies with 5,000-plus employees accounted for 44% more of the total companies that launched bug bounty programs during the last 12 months.

Bug Bounty GrowthBug Bounty Growth

Bug bounty program growth increased to 210% on average year-over-year since Bugcrowd’s inaugural report in 2015.

Private Bounty Programs GrowingPrivate Bounty Programs Growing

Private bounty programs are an emerging trend—63% of all bounty programs launched are private.

Average Payouts RisingAverage Payouts Rising

The average bug reward to researchers rose 47% during the last 12 months. Q1 2016 saw average payouts of $505.79 on Bugcrowd’s platform.

Bug Bounties Move to Traditional VerticalsBug Bounties Move to Traditional Verticals

The industries launching bug bounty programs are becoming more diversified. The top five according to public data of bug bounty programs are: Computer software: 21%, Internet: 15%, IT and services: 13%, Financial services and banking: 7%, Business services: 5%

‘Super Hunters’ Emerge‘Super Hunters’ Emerge

A new tier of “super hunters” is emerging. The top 10 researchers have collected 23% of total payouts.

Where Are Bugcrowd Researchers?Where Are Bugcrowd Researchers?

Bugcrowd researchers come from 112 countries. 56% of all submissions originate from India (43%) and in the United States (13%).

Top 10 Countries by Volume of Vulnerabilities SubmittedTop 10 Countries by Volume of Vulnerabilities Submitted

The Top 10 countries by volume of vulnerabilities submitted are: India, U.S., Pakistan, U.K., Philippines, Germany, Malaysia, the Netherlands, Australia, Tunisia.

XSS Continues to DominateXSS Continues to Dominate

Cross-Site Scripting (XSS) remains the most discovered vulnerability type at over 66% of all classified vulnerabilities disclosed.

Bugcrowd Program DataBugcrowd Program Data

Bugcrowd platform data includes program data gathered since January 1, 2013, through March 31, 2016, as follows: 286 total programs, 64% private 37% public, 54,114 total submissions, $2,054,721 in bounty payments across 6,724 paid submissions, 26,782 researchers as of March 31, 2016

Karen A. Frenkel
Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles