The Hacker-Powered Security Report 2018 Key Findings Highlighted

The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. We analyzed 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne. 

Hackers are finding more severe vulnerabilities driving increased bounty awards. 24% of resolved vulnerabilities are classified as high to critical severity. False positives are becoming a relic of the past, with 80% signal platform-wide, meaning 80% of submitted reports are valid.

Watch this fireside chat  to review these highlights and more. Some of our key findings include:

  • Over $31M has been awarded to hackers as of June 2018 with $11.7M awarded in 2017 alone.
  • A total of 116 unique bug reports earned bounties over $10,000 in the past year with the average amount paid for critical issues rising to over $2,000.Organizations are now offering as much as $250,000.
  • 93% of the Forbes Global 2000 list do not have a policy to receive, respond, and resolve critical bug reports submitted by the outside world.
  • Less than 5% of hackers learn their skills in the classroom - hackers want more education.

Zero Daily editor Luke Tucker presents the high-level walkthrough of the report highlights and then interviews HackerOne CEO Marten Mickos on his perspectives for the key findings and trends he’s noticing for company decision makers. 
 

“The Hacker-Powered Security Report 2018 compiled comprehensive analysis on the hacker-powered security environment, including a deep dive into different types of hacks across a wide variety of industries… the analysis suggests that hackers and enterprises have much reason to be optimistic.” - Infosecurity magazine