HackerOne Exceeds $300m in Bug Bounty Payments


Ethical hackers using the HackerOne bug bounty program have earned over $300m since its inception over a decade ago, according to a new report.

The firm’s annual Hacker-Powered Security Report also revealed that 30 security researchers have earned over $1m on the platform, with one exceeding $4m in total earnings.

Over (57%) of the HackerOne customers polled for the research said exploited vulnerabilities are the biggest threat to their organization, more than those who cited phishing (22%), insider threats (12%) and nation-state actors (10%).

Some 70% claimed the efforts of ethical hackers have helped them prevent a significant security incident, and 96% said that third-party vulnerability reports have helped improve resilience.

Read more on bug bounty programs: Bug Bounty Giant Slams Quality of Vendor Patching

Organizations are also getting faster at fixing vulnerabilities, with the average platform-wide remediation time dropping 10 days in 2023, according to the report. Automotive, media and entertainment, and government verticals saw the biggest decrease in remediation time, with improvements of 50% or more.

Generative AI (GenAI) featured heavily in the report: 61% of ethical hackers said they plan to use it to develop new tools to find vulnerabilities, while over half (51%) predicted that GenAI would itself become a major target for attacks. As a result, 62% said they plan to specialize in the OWASP Top 10 for Large Language Models.

“Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers,” said Chris Evans, HackerOne CISO.

“The Hacker-Powered Security Report makes clear that hackers are actively growing their skillsets to meet emerging threats. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how our customers anticipate and address risk.”



Source link