HackerOne Exceeds $300m in Bug Bounty Payments
Ethical hackers using the HackerOne bug bounty program have earned over $300m since its inception over a decade ago, according to a new report.
The firm’s annual Hacker-Powered Security Report also revealed that 30 security researchers have earned over $1m on the platform, with one exceeding $4m in total earnings.
Over half (57%) of the HackerOne customers polled for the research said exploited vulnerabilities are the biggest threat to their organization, more than those who cited phishing (22%), insider threats (12%) and nation-state actors (10%).
Some 70% claimed the efforts of ethical hackers have helped them prevent a significant security incident, and 96% said that third-party vulnerability reports have helped improve resilience.
Organizations are also getting faster at fixing vulnerabilities, with the average platform-wide remediation time dropping 10 days in 2023, according to the report. Automotive, media and entertainment, and government verticals saw the biggest decrease in remediation time, with improvements of 50% or more.
Generative AI (GenAI) featured heavily in the report: 61% of ethical hackers said they plan to use it to develop new tools to find vulnerabilities, while over half (51%) predicted that GenAI would itself become a major target for attacks. As a result, 62% said they plan to specialize in the OWASP Top 10 for Large Language Models.
“Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers,” said Chris Evans, HackerOne CISO.
“The Hacker-Powered Security Report makes clear that hackers are actively growing their skillsets to meet emerging threats. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how our customers anticipate and address risk.”