HackerOne, a pioneer in bug bounty platforms, proudly announces crossing the $300 million mark in awards for ethical hackers and vulnerability researchers. This milestone comes as thirty hackers have earned over a million USD for their submissions, with one setting a new record by receiving over $4 million for invaluable bug reports.
Founded more than a decade ago, HackerOne serves as the vital link connecting organizations with a vibrant community of ethical hackers. They aim to identify and report software vulnerabilities and weaknesses in exchange for well-deserved rewards.
In essence, HackerOne functions as both a bug bounty hosting platform and a disclosure coordination hub. Companies utilize its services to efficiently manage reported issues and promptly resolve identified vulnerabilities while ensuring fair payouts to diligent reporters.
A notable development this year is the remarkable reduction in the time taken by organizations to address reported bugs. On average, it now takes 25.5 days for the complete remediation of such vulnerabilities, marking a commendable 28% improvement compared to the previous year.
Bug Bounty Insights: What’s the Value of a Bug?
HackerOne’s recent release, the 2023 Hacker-Power Security Report provides illuminating insights into this year’s bug bounty landscape.
Of particular interest, crypto and blockchain entities continue to attract significant attention from ethical hackers, primarily due to the allure of substantial payouts. This year, the most generous bounty reached $100,050, courtesy of a crypto firm.
The report reveals that the median value of a reported bug stands at $500 this year, while in the 90th percentile, it climbs to $3,000. For bugs categorized as critical or high-severity, the average payout across all industries amounts to $3,700, with the 90th percentile offering rewards of up to $12,000.
HackerOne emphasizes that traditional bug hunting is just one facet of its platform. This year, pen-testing engagements have surged by 54%.
AI’s Role in Ethical Hacking
A fascinating aspect of the report is the integration of generative AI by more than half of the ethical hackers involved in HackerOne programs. AI tools assist in creating superior reports, and code, and mitigating language barriers. Moreover, 61% of participants intend to use generative AI to unearth more vulnerabilities, with 55% anticipating that AI tools themselves will become a significant target for attacks in the near future.
The report delves into the diverse opinions held by bounty hunters regarding the impact of AI on software security. Opinions are divided between those who foresee AI leading to safer software products and those who predict an increase in vulnerabilities.
Additionally, the report captures various motivations and deterrents among ethical hackers. The primary incentives include bounties (73%), a plethora of vulnerabilities (50%), learning opportunities (45%), diverse scopes (46%), and expedited payments (42%). Conversely, factors that discourage participation include slow response times (60%), limited scopes (58%), ineffective communication (55%), low bounties (48%), and negative program reviews (44%).
For those keen on joining HackerOne’s bug bounty program, a comprehensive directory of companies and their respective bug-finding scopes is readily accessible for exploration.