Report Highlights

  • Learn how the security community is responding to COVID-19

  • Discover how security leaders are changing their strategies to keep pace with continuous development

  • Get insight into vulnerability trends across the world

Read the Report

Download the full report to learn more.

Download Now

Bounty Earnings
YoY Growth by Region

Hackers around the world increased their earnings this past year, with APAC realizing 131% growth year-over-year. EMEA earnings nearly doubled, with 90% growth, and North America and LATAM both increased earnings by more than 60%.

Bounty earnings year over year growth by region: Latin America - 90%, North America - 131%, EMEA - 60%, Asia Pacific - 69%, Total - 87%

Countries at the top maintained their status as biggest payers, with Russia ($887,000), the United Kingdom ($559,000), Singapore ($506,000), and Canada ($497,000) rounding out the top five. Russia moved up from sixth place last year to push Germany into sixth place with $363,000 in bounties paid.

Map of top countries: 1. United Stats 2. Canada 3. Russia 4. UK 5. Singapore

Program Growth
YoY by Region

North America remains the largest region, with 69% of all programs, but it’s being challenged by all other regions. EMEA alone accounted for 20% of all new programs launched in the past year, and year-over-year growth in APAC was 93%—nearly doubling in total number of programs in that region.

Program growth year over year by region: APAC - 93%, North America - 72%, EMEA - 41%, Latin America - 29%

Industry Adoption

A Vulnerability Disclosure Policy (VDP) is the first step in helping protect your company from an attack or premature vulnerability release to the public.

Industry landscape chart: fast and high value - automotive, healthcare, financial services | follower - telecommunications | early adopter - government/federal, aerospace | slow and low value - retail and commerce

Top 10 Vulnerability Types

Top 10 vulnerability types: Xss - 23%, Information Disclosure - 18%, Improper Access Control - 18%, Improper Authentication - 7%, Violation of Secure Design Principles - 6%, Open Redirect - 6%, Business Logic Errors - 5%, Insecure Direct Object Reference - 5%, Privelege Escalation - 5%, Cross-Site Request Forgery - 4%

Get the Full Report

Read more about the state of Hacker-Powered Security in the comprehensive report.

Download Now
Preview of security report