SYS-CON MEDIA Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Carmen Gonzalez, Zakia Bouachraoui


HackerOne Report Unveils Latest Hacker-Powered Security Trends From Largest Vulnerability Data Set

HackerOne, the leading bug bounty and vulnerability disclosure platform, today announced findings from the 2018 Hacker-Powered Security Report, based on over 72,000 resolved security vulnerabilities, 1,000 customer programs and more than $31 million in bounties awarded to hackers from over 100 countries. The annual report is a benchmark study of the bug bounty and vulnerability disclosure ecosystem based on the largest data set of reported vulnerabilities.

Hackers are finding more severe vulnerabilities than ever before. The total number of high or critical severity vulnerabilities increased by 22 percent in 2017. Furthermore, 24 percent of resolved vulnerabilities were classified as high to critical severity across industries. As a result, bounties for high-impact findings are rising. The top bounty awarded for a single report reached $75,000 in 2017. The most competitive programs, like Google, Microsoft and Intel, are offering $250,000 bounty awards for critical issues. Meanwhile, false positives are becoming a relic of the past, with 80 percent Signal platform-wide, meaning 80 percent of submitted and qualified reports are valid.

“Crowdsourced security testing is rapidly approaching critical mass, and ongoing adoption and uptake by buyers is expected to be rapid,” Gartner reported. Governments are leading the way with adoption globally. In the government sector there was a 125 percent increase year over year, with new program launches including the European Commission and the Ministry of Defense Singapore, joining the U.S. Department of Defense on HackerOne. Proposed legislation such as the Hack the Department of Homeland Security Act, Hack Your State Department Act, Prevent Election Voting Act, and the Department of Justice Vulnerability Disclosure Framework further demonstrates public sector support for hacker-powered security.

Industries beyond technology continued to increase their share of the overall hacker-powered security market. Consumer Goods, Financial Services & Insurance, Government, and Telecommunications account for 43 percent of today’s bug bounty programs. Automotive programs increased 50 percent in the past year and Telecommunications programs increased 71 percent. Enterprises across industries saw a 54 percent year-over-year increase in VDP adoption. Still, leading organizations remain vastly underprepared for effective discovery, communication, remediation, and disclosure of vulnerabilities, as 93 percent of the 2017 Forbes Global 2000 list do not have a policy to receive, respond to, and resolve critical bug reports submitted by third parties.

“The world is embracing the highly skilled and creative hacker community to help reduce cyber risk,” said Marten Mickos, CEO of HackerOne. “A model once reserved for the largest, tech-advanced companies in the world, is now being implemented by organizations of any size, industry and connected corner of the globe. Hacker-powered security is reaching critical mass, and everyone is benefitting from a more secure internet.”

The most authoritative report on the hacker-powered security ecosystem.

The 2018 Hacker-Powered Security Report examines data collected from over 1,000 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 72,000 resolved vulnerabilities, plus insight from HackerOne’s community of over 200,000 registered hackers. HackerOne also analyzed VDP data from the Forbes Global 2000 to better understand hacker-powered security adoption.

The full report is available at https://www.hackerone.com/resources/hacker-powered-security-report.

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations receive and resolve critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security partner. Organizations, including the U.S. Department of Defense, U.S. General Service Administration, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities. HackerOne customers have resolved over 72,000 vulnerabilities and awarded over $31M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, and the Netherlands.


Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
