
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.

Thirty hackers have earned over 1,000,000 USD for their submissions, and one has broken the record, receiving over $4 million for his bug reports.

Founded over a decade ago, HackerOne is a bug bounty platform that connects organizations with a community of ethical hackers who identify and report vulnerabilities and weaknesses in software in exchange for a reward.

Essentially, it is a bug bounty hosting and disclosure coordination platform that allows companies to manage reports and resolve identified issues promptly while guaranteeing payouts to reporters.

This year, it took an average of 25.5 days for organizations to finalize the remediation of reported bugs, a 28% improvement over last year.

How much for a bug?

HackerOne released its '2023 Hacker-Powered Security Report', sharing insights on this year's trends.

The company highlighted that crypto and blockchain entities continue to enjoy the most attention from ethical hackers, fueled by the promise of the highest payouts. This year, the largest bounty paid was $100,050 from a crypto firm.

The median value of a bug on the platform is $500 this year and reaches $3,000 in the 90th percentile (top 10%).

For critical and high-severity flaws, the average payout is $3,700 across all industries and goes up to $12,000 in the 90th percentile.

Critical and high severity flaw payouts per industry (HackerOne)

HackerOne says traditional bug hunting is not the only activity on the platform, as pen-testing engagements rose by 54% this year.

AI is both a help and a target

Over half of the ethical hackers participating in HackerOne programs report using generative AI in some way, including writing better reports, writing code, and reducing language barriers.

61% of them report planning to use generative AI to find more vulnerabilities, and 55% report expecting AI tools themselves to become a significant target in the coming years.

The bounty hunters are split in predicting whether AI will lead to more secure software products or an increase in vulnerabilities.

Areas ethical hackers focused their efforts this year (HackerOne)

Other opinions recorded in the report include motivation and discouraging factors, with bounties playing the biggest (73%) role in participating, followed by an abundance of flaws (50%), opportunity to learn (45%), diversified scope (46%), and quick payments (42%).

Factors playing a positive role for hackers (HackerOne)

On the other hand, things that drive hackers away from a program include slow response times (60%), limited scope (58%), poor communication (55%), low bounties (48%), and negative reviews (44%).

For those interested in getting involved in HackerOne's bug bounty program, you can browse the list of companies to learn what's in scope for finding bugs.


