Report: Bug bounty rewards continue to soar
Today, the average payout for a critical vulnerability has almost reached $3,400, but in a vulnerability market involving 500,000 people, usually only a handful of top-level vulnerability hunters really make a profit. According to security project management company HackerOne, as more and more companies run crowdsourced challenges to attract security-conscious freelancers and ethical hackers to analyze their code, vulnerability bounties continue to soar, but the real opportunities for profit usually belong to a very small number of participants.
In the latest edition of its annual Hacker-Powered Security Report 2019, HackerOne found that the average reward paid by companies sponsoring vulnerability reward programs for a critical vulnerability has soared to $3,384, an increase of 48% over the previous year's average. Cryptocurrency and blockchain companies paid the highest bounties, an average of $6,124. Over the past 12 months, customers on the HackerOne platform have received reports of more than 30,000 security issues, and these customers have paid more than $21 million in bounties to vulnerability researchers.
Marten Mickos, CEO of HackerOne, said:
“Hacking is here for good, for the good of all of us. Half a million hackers have willingly signed up with HackerOne to help solve one of the greatest challenges our society faces today. We cannot prevent data breaches, reduce cyber crime, protect privacy or restore trust in society without pooling our defenses and asking for external help.”
According to each company's own statistics, more than 1,400 enterprise organizations use HackerOne's services, and 1,200 corporate organizations use crowdsourced security services from competitor Bugcrowd. More than a quarter of HackerOne programs are run by Internet and online services companies, and another 20% by computer software companies. Financial services and media companies are also important segments, each accounting for more than 7% of the market.
Of the more than 500,000 registrants on the HackerOne platform, only a handful of top bug hunters really make a profit. The survey shows that only six participants have earned more than $1 million on the HackerOne platform, and another seven participants have lifetime earnings exceeding $500,000. These people clearly account for only a tiny fraction of the HackerOne platform's registrants.