The Hacker-Powered Security Report: Insights from Over 800 Programs

Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It’s true, and the average amount paid out for a critical vulnerability by HackerOne Bug Bounty customers is $1,923 in 2017.

Curious which industry pays out the most Information Disclosure Bugs? Or which vulnerability class eclipsed Cross-Site Scripting as the top vulnerability in Financial & Banking Firms? That’s on page 10 of the report.

What about where hackers are earning the most bounties? The answer on page 17 of the report may surprise you.

These stats and many more are explored and explained in The Hacker-Powered Security Report, our most recent deep dive into the data from more than 800 programs that have resolved nearly 50,000 security vulnerabilities with our hacker-powered security platform. We also interviewed 600+ hackers and just as many customers including what worries companies the most and what motivates hackers to hack. Read on for some key highlights or get the report now by clicking the button below.

Download The Hacker-Powered Security Report

What’s in the Report

Hacker-powered security programs are not just for cutting-edge technology companies. As you’ll learn in this report, organizations like General Motors, Intel, Starbucks, the U.S. Department of Defense, Lufthansa, Nintendo, Qualcomm, and many more, have embraced continuous, hacker-powered security as a key component of their security efforts.

That means more companies than ever are leveraging a vast number of talented, motivated hackers through bug bounty programs, time-bound bug bounty programs, vulnerability disclosure programs, and other hacker-powered techniques.

A Few Key Highlights

You’re going to want to download and read the full report, but you’re probably wondering what’s in it. Well, here are a few findings:

• 41% of new bug bounty programs launched in 2016 were from outside the tech industry, with governments, media and entertainment, financial services and banking, and ecommerce and retail industries all showing significant growth. Tweet this

• $1,923 is the average bounty paid to hackers for a critical vulnerability in 2017 to date, compared to $1,624 in 2015 — an increase of 16 percent. Tweet this

• 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies. Tweet this

As hacker-powered security moves into the mainstream, more companies and organizations can benefit from the report’s findings. The Hacker-Powered Security Report gleans insights from across the spectrum and breaks the findings down by industry to make clear how different industries are approaching and benefiting from hacker-powered security. It also shows how individual programs change over time to adapt to security improvements, expanding scopes, moving from private to public programs, and repeat engagements with hackers.

Hacker Survey

The report also looks at the hackers themselves, shedding light on who they are and their motivations for helping improve product security. If you thought it was purely money, that’s not always the case: 57% of hackers say they were involved with bounty programs that didn’t offer monetary payouts.

Get the Report

Discover even more details on how hacker-powered security is shaping the security posture of companies just like yours.

Download The Hacker-Powered Security Report

OK, one more spoiler: Are you considering a hacker-powered component for your security program? You’ll be pleased to hear that 95% of HackerOne customers would recommend such a program to their peers! Talk to us today to learn more.

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.