1. Bug Bounties Becoming Increasingly Popular, With Payouts Rising
Paying out a bug bounty—that is, rewarding a security researcher for responsibly disclosing a security vulnerability—is an increasingly popular and lucrative endeavor, according to Bugcrowd’s “2017 State of Bug Bounty” report. Bugcrowd offers its customers a managed bug bounty program that engages a “crowd” of researchers to help find software vulnerabilities. Across all industries served by Bugcrowd, the average bug payout last year was $451, up 53 percent year-over-year. Among Bugcrowd’s customer base, automotive clients reported the highest average bug bounty payout at $1,514, while those in retail and e-commerce paid an average of $403 per bug. In this slide show, eWEEK takes a look at some of the highlights of Bugcrowd’s third annual bug bounty report.
2. Bug Bounty Payouts Rising
3. Automotive Industry Pays Highest Bounties
4. Mobile Bounties Have Lowest Average Payout
5. SQL Injection Is Most Commonly Reported Critical Vulnerability
6. Highest Payouts Are Made in India and US
Researchers from around the world participate in bug bounty programs. In terms of payouts, the Bugcrowd “2017 State of Bug Bounty” report found researchers in India topped the list at $1,591,485, followed by the United States at $1,436,147. In contrast, researchers in the UK earned a total of $535,080.
7. Most Bug Bounty Programs Are Ongoing
8. Most Bugcrowd Programs Are Private
Bugcrowd hosts more than 600 bug bounty programs, with the majority (77 percent) being private programs.