This is the first in a six-part series expanding on the “key findings” of the Hacker-Powered Security Report 2017. Based on data gathered from over 800 hacker-powered security programs, plus surveys of both those managing the programs and the participating hackers, the report provides striking new insights to help more organizations understand and implement hacker-powered security.
When hacker-powered security is mentioned, you might assume it’s a bleeding-edge technique reserved for risk-tolerant tech firms. But incorporating bug bounty programs, working with ethical hackers, and encouraging vulnerability disclosures is being adopted across industries.
Hacker-Powered Security Report Key Finding #1: Bug bounties aren’t just for technology companies.
The Hacker-Powered Security Report found that, even though tech companies are still leading the charge, more than 40 percent of programs launched in 2016 are from companies and organizations outside of the technology industry.
Governments, media and entertainment, financial services and banking, and ecommerce and retail industries all showed significant growth from previous year. Even the travel and hospitality industry showed increase in the number of bug bounty programs launched last year. Today, companies like General Motors, Starbucks, and Lufthansa are turning hacker-powered security into a mainstream corporate security practice.
On the government side, the U.S. Department of Defense launched programs across their organization, from Hack The Pentagon to Hack The Air Force. Even the General Services Administration and the Internal Revenue Service jumped aboard the hacker-powered train. Other government agencies, such as the National Highway Traffic Safety Administration, the Food and Drug Administration, and the Federal Trade Commission, released statements strongly encouraging companies to adopt hacker-powered security measures.
The growth is not only being seen in the number of programs appearing outside of tech, but also in the amount of bounties being paid to hackers. We won’t spoil the details on the report’s #4 key finding, but data does show the transportation and the ecommerce and retail industries both surpassed the one-million-dollar mark in total bounties paid. Check back next week for our dive into the Hacker-Powered Security Report’s number two key finding: falling security response times!
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.