HackerOne paid ethical hackers over $300 million in bug bounties

HackerOne has announced that its bug bounty programs person awarded complete $300 cardinal successful rewards to ethical hackers and vulnerability researchers since nan platform's inception.

Thirty hackers person earned complete a cardinal USD for their submissions, and 1 has surgery nan record, receiving complete $4 million for his bug reports.

Founded complete a decade ago, HackerOne is simply a bug bounty level that connects organizations pinch a organization of ethical hackers who place and study vulnerabilities and weaknesses successful package successful speech for a reward.

Essentially, it is simply a bug bounty hosting and disclosure coordination level allowing companies to negociate reports and resoluteness identified issues promptly while guaranteeing payouts to reporters.

This year, it took an mean of 25.5 days for organizations to finalize nan remediation of reported bugs, a 28% betterment complete past year.

How overmuch for a bug?

HackerOne released its '2023 Hacker-Power Security Report', sharing insights connected this year's trends.

The institution highlighted that crypto and blockchain entities proceed to bask nan astir attraction from ethical hackers, fueled by nan committedness of nan highest payouts. This year, nan largest bounty paid was $100,050 from a crypto firm.

The median value of a bug connected nan level is $500 this twelvemonth and reaches $3,000 successful nan 90th percentile (highest 10%).

For captious and high-severity flaws, nan mean payout is $3,700 crossed each industries and goes up to $12,000 successful nan 90th percentile.

Critical and precocious severity flaw payouts per industry (HackerOne)

HackerOne says accepted bug hunting isn't nan only activity connected nan platform, arsenic pen-testing engagements roseate by 54% this year.

AI is some a thief and a target

Over half of nan ethical hackers participating successful HackerOne programs study utilizing generative AI successful immoderate way, including penning amended reports, penning code, and reducing connection barriers.

61% of them study readying to usage generative AI to find much vulnerabilities, and 55% study expecting AI devices themselves to go a important target successful nan coming years.

The bounty hunters are divided successful predicting whether AI will lead to safer package products aliases an summation successful vulnerabilities.

Areas ethical hackers focused their efforts this year (HackerOne)

Other opinions recorded successful nan study see information and discouraging factors, pinch bounties playing nan biggest (73%) domiciled successful participating, followed by an abundance of flaws (50%), opportunity to study (45%), varied scope (46%), and speedy payments (42%).

Factors playing a affirmative domiciled for hackers (HackerOne)

On nan different hand, things that thrust hackers distant from a programme see slow consequence times (60%), constricted scope (58%), mediocre connection (55%), debased bounties (48%), and antagonistic reviews (44%).

For those willing successful getting progressive successful HackerOne's bug bounty program, you can browse nan directory of companies to study what is successful scope for uncovering bugs.