Rapport HackerOne toont aan dat bug bounty en beloningen wereldwijd groeien
SAN FRANCISCO–(BUSINESS WIRE)– HackerOne, aanbieder van een toonaangevend platform voor bug bounty en blootlegging van kwetsbaarheden, heeft vandaag het “The 2017 Hacker-Powered Security Report” gepubliceerd. Dit rapport onderzoekt achthonderd programma’s die met steun van hackers tot stand zijn gekomen, waaronder projecten van Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, het Amerikaanse ministerie van Defensie, Uber en meer. De conclusies zijn gebaseerd op bijna 50.000 verholpen zwakke plekken en meer dan 17 miljoen dollar aan uitgekeerde beloningen – ‘s werelds grootste dataset.
Nu datalekken gemiddeld 4 miljoen dollar aan schade veroorzaken en aanvallen als WannaCru meer dan 8 miljard dollar kosten, werken de meeste veiligheidsbewuste bedrijven met hackers om onbekende zwakke punten te vinden. Beveiliging met hulp van hackers is een manier om kostbare zwakke plekken sneller op te sporen, met behulp van de creativiteit van ‘s werelds grootste collectief van ethische hackers. Het rapport onthult dat hackers gevaarlijke zwakke plekken vinden en daarvoor worden betaald. Bovendien is 32 procent van alle verholpen zwakke plekken geclassificeerd als zeer ernstig tot kritiek. De hoogste beloningen voor één enkele melding liggen rond de 30.000 dollar.
HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally |
|||||
SAN FRANCISCO–(BUSINESS WIRE)– HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “ The 2017 Hacker-Powered Security Report” that examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded — the world’s largest platform dataset. With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to find unknown vulnerabilities. Hacker-powered security provides a way to identify high-value vulnerabilities faster, leveraging the creativity of the world’s largest ethical hacker community. The report data reveals that hackers are finding severe vulnerabilities and getting paid for it, with 32 percent of resolved vulnerabilities classified as high to critical severity, and top rewards reaching $30,000 USD for a single report. Hackers in over 90 countries are earning bounty rewards. The most competitive organizations are awarding hackers nearly $900,000 USD a year, with critical vulnerabilities earning $1,923 on average. In the past 12 months, 88 individual bug bounties rewards were over $10,000 USD. “Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne. “The report showcases the success of these programs and the diverse capabilities of the global hacker community, with nearly 50,000 security vulnerabilities resolved.” The 2017 Hacker-Powered Security Report Key Findings:
The most authoritative report on bug bounties and hacker-powered security The 2017 Hacker-Powered Security Report examines data collected from over 800 bug bounty and vulnerability disclosure programs around the world. The report includes analysis of nearly 50,000 vulnerabilities resolved from over 13 industries, plus insight from more than 600 customers and over 100,000 registered hackers. HackerOne also analyzed vulnerability disclosure policy data from the Forbes Global 2000 to better understand hacker-powered security adoption. The 2017 Hacker-Powered Security Report is based on the most comprehensive platform dataset, and it provides insight into the adoption rate of bug bounties, pricing strategies, hacker motivations, and more. The full report is available at: https://www.hackerone.com/resources/hacker-powered-security-report About HackerOne HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Uber, Twitter, GitHub, Nintendo, Kaspersky Lab, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $17M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands. View source version on businesswire.com: http://www.businesswire.com/news/home/20170627005599/en/ Contacts HackerOne |