Critical Bug Bounty Reports on the Rise, HackerOne Finds

The 2018 Hacker-Powered Security report reveals that there has been an increasing volume of critical security vulnerabilities reported by researchers in the past year. HackerOne released its 2018 Hacker-Powered Security Report on July 11, providing insights into the current state of the bug bounty marketplace. The report is based on 78,275 security vulnerability reports that HackerOne received on its managed bug bounty platform, which handles programs for more than 1,000 organizations. The 46-page report reveals that the average bug bounty paid for a critical vulnerability in the past year was $2,000, up from the $1,923 that HackerOne reported in its 2017 study. HackerOne also found that the volume of submitted high or critical severity vulnerabilities rose by 22 percent year-over-year. All told, HackerOne reported that $11.7 million in bug bounties were paid to security researchers on its platform over the course of 2017.