Dive Brief:
- As cyberthreats mature, organizations are looking for more creative ways to find them with bug bounty programs. Awards for finding vulnerabilities increased by 33%, rising to an average award of $20,000, according to HackerOne's 2018 security report of more than 1,000 bug bounty and vulnerability disclosure programs (VDPs).
- With a 143% year-over-year increase, Latin America experienced the largest increase in bug bounty and VDPs. North America and Asia Pacific saw a 37% rise, but U.S.-based organizations pay the most for their bounties, with hackers earning nearly one-fifth of all bounty-related award money.
- The industries with the fastest reported time to resolution are consumer goods at 14 days, followed by financial services and insurance at 19 days and healthcare at 20 days. Technology is ranked fourth with 64 days. A faster time to resolution is an indicator of "program health," and the bounty is expected to be paid shortly after resolution or at the validation point, according to the report.
Dive Insight:
The more damaging the vulnerability, the more organizations are willing to pay for bounties.
Technology can only do so much, and most security scanners cannot find a flaw they don't already know exists, according to the report. The report defines hackers as people who "[enjoy] the intellectual challenge of overcoming limitations" and can find flaws computers are unaware of.
Companies are now expected to broaden their perception of who hackers are and reevaluate their value. Changing the stereotype of hackers starts with veering away from the "hoodie" perception of security experts and embracing the diversity the hacker community has to offer.
Organizations need the aggressive view of technology hackers embrace. Some companies are even beginning to build their own bug bounty programs internally or at least considering program development.
By employing the mindset of a hacker, companies better equip themselves to change the "attributes of technology" to defend against malicious actors looking to change the attributes of reality, according to Rob Fuller, a hacker who spoke at a Gartner symposium in National Harbor, Maryland in June.
If technology remains the sole defense of a company, it is missing out on the human nature of hacking and major tech companies know this. In 2017, Google paid nearly $3 million in bounties with one hacker walking away with $112,500. Shortly after the Meltdown and Spectre revelations, Intel announced a revamp of its bug bounty program, offering up to $250,000 for discovered vulnerabilities.