HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
Thirty hackers have earned over one million USD for their submissions, and one has broken the record, receiving over $4 million for his bug reports.
Founded over a decade ago, HackerOne is a bug bounty platform that connects organizations with a community of ethical hackers who identify and report vulnerabilities and weaknesses in software in exchange for a reward.
Essentially, it is a bug bounty hosting and disclosure coordination platform that lets companies manage reports and fix identified issues promptly while guaranteeing payouts to reporters.
This year, it took a median of 25.5 days for organizations to finalize the remediation of reported bugs, a 28% improvement over last year.
How much for a bug?
HackerOne released its '2023 Hacker-Powered Security Report', sharing insights on this year's trends.
The company highlighted that crypto and blockchain entities continue to attract the most attention from ethical hackers, fueled by the promise of the highest payouts. This year, the largest bounty paid was $100,050 from a crypto firm.
The median value of a bug on the platform is $500 this year and reaches $3,000 in the 90th percentile (top 10%).
For critical and high-severity flaws, the average payout is $3,700 across all industries and goes up to $12,000 in the 90th percentile.
HackerOne says traditional bug hunting is not the only activity on the platform, as pen-testing engagements rose by 54% this year.
AI is both a help and a target
Over half of the ethical hackers participating in HackerOne programs report using generative AI in some way, including writing better reports, writing code, and reducing language barriers.
61% of them report planning to use generative AI to find more vulnerabilities, and 55% expect AI tools themselves to become a significant target in the coming years.
The bounty hunters are split on whether AI will lead to more secure software products or to an increase in vulnerabilities.
Other findings in the report cover motivating and discouraging factors: bounties play the biggest role in participation (73%), followed by an abundance of flaws (50%), varied scope (46%), the opportunity to learn (45%), and quick payments (42%).
On the other hand, the things that drive hackers away from a program include slow response times (60%), limited scope (58%), poor communication (55%), low bounties (48%), and negative reviews (44%).
For those interested in getting involved in HackerOne's bug bounty programs, you can browse the directory of companies to learn what is in scope for bug hunting.