Super Bug Hunters Collect Millions in Bounties

By Karen A. Frenkel  |  Posted 06-15-2016

  • Super Bug Hunters Collect Millions in Bounties

    Although the first bug bounty program was started by Netscape in 1995, enterprises have been slow to adopt such programs. That changed this year.
  • Enterprises Adopting Bug Bounties

    Companies with 5,000-plus employees accounted for 44% more of the total companies that launched bug bounty programs during the last 12 months.
  • Bug Bounty Growth

    Bug bounty program growth increased to 210% on average year-over-year since Bugcrowd's inaugural report in 2015.
  • Private Bounty Programs Growing

    Private bounty programs are an emerging trend—63% of all bounty programs launched are private.
  • Average Payouts Rising

    The average bug reward to researchers rose 47% during the last 12 months. Q1 2016 saw average payouts of $505.79 on Bugcrowd's platform.
  • Bug Bounties Move to Traditional Verticals

    The industries launching bug bounty programs are becoming more diversified. The top five, according to public data on bug bounty programs, are computer software (21%), Internet (15%), IT and services (13%), financial services and banking (7%), and business services (5%).
  • ‘Super Hunters’ Emerge

    A new tier of "super hunters" is emerging. The top 10 researchers have collected 23% of total payouts.
  • Where Are Bugcrowd Researchers?

    Bugcrowd researchers come from 112 countries. 56% of all submissions originate from India (43%) and the United States (13%).
  • Top 10 Countries by Volume of Vulnerabilities Submitted

    The Top 10 countries by volume of vulnerabilities submitted are: India, U.S., Pakistan, U.K., Philippines, Germany, Malaysia, the Netherlands, Australia, Tunisia.
  • XSS Continues to Dominate

    Cross-Site Scripting (XSS) remains the most discovered vulnerability type at over 66% of all classified vulnerabilities disclosed.
  • Bugcrowd Program Data

    Bugcrowd platform data includes program data gathered from January 1, 2013, through March 31, 2016, as follows: 286 total programs; 64% private, 37% public; 54,114 total submissions; $2,054,721 in bounty payments across 6,724 paid submissions; 26,782 researchers as of March 31, 2016.

More organizations are adopting bug bounties—incentivized programs that encourage security researchers to report security issues to a sponsoring organization. Bug bounties are moving from novelties to best practices, helping to strengthen the security of products.

"2015 was the year companies realized that when it comes to cyber-security, the pain of staying the same is exceeding the pain of change," said Casey Ellis, CEO and founder of Bugcrowd. "This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies. Even the most risk-averse industries are embracing and successfully implementing crowdsourced cyber-security programs."

The study, "State of Bug Bounty Report," was conducted between Jan. 1, 2013, and March 30, 2016, by Bugcrowd, a crowdsourced security testing firm for enterprise. The report includes data from programs run on Bugcrowd's platform and a survey of 500 security researchers and 600 security professionals. Included in the term "bug bounty" are vulnerability disclosure programs, public bug bounty programs, and private programs.

Karen A. Frenkel writes about technology and innovation and lives in New York City.