Automotive Bug Bounty Payouts Far Exceed Other Industries: Bugcrowd | eWeek

Bug Bounties Becoming Increasingly Popular, With Payouts Rising

Bug bounty 2
Jul 12, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


1 - Bug Bounties Becoming Increasingly Popular, With Payouts Rising

Paying out a bug bounty—that is, rewarding a security researcher for responsibly disclosing a security vulnerability—is an increasingly popular and lucrative endeavor, according to Bugcrowd’s “2017 State of Bug Bounty” report. Bugcrowd offers its customers a managed bug bounty program that engages a “crowd” of researchers to help find software vulnerabilities. Across all industries served by Bugcrowd, the average bug payout last year was $451, up 53 percent year-over-year. Among Bugcrowd’s customer base, automotive clients reported the highest average bug bounty payout at $1,514, while those in retail and e-commerce paid an average of $403 per bug. In this slide show, eWEEK takes a look at some of the highlights of Bugcrowd’s third annual bug bounty report.


Bug Bounty Payouts Rising

2 - Bug Bounty Payouts Rising

Across all industries served by Bugcrowd, the average bug payout last year was $451, up 53 percent year-over-year.


Automotive Industry Pays Highest Bounties

3 - Automotive Industry Pays Highest Bounties

Among Bugcrowd’s customer base, automotive clients reported the highest average bug bounty payout at $1,514.


Mobile Bounties Have Lowest Average Payout

4 - Mobile Bounties Have Lowest Average Payout

The average payout among targets varies quite a bit, with the average mobile payout coming in at $385 and hardware (including IoT) at $742.


SQL Injection Is Most Commonly Reported Critical Vulnerability

5 - SQL Injection Is Most Commonly Reported Critical Vulnerability

The most commonly reported critical vulnerability by Bugcrowd’s community of researchers is SQL injection (with an average payout of $1,058), followed by cross-site scripting, or XSS (with an average payout of $314).


Advertisement

Highest Payouts Are Made in India and US

6 - Highest Payouts Are Made in India and US

Researchers from around the world participate in bug bounty programs. In terms of payouts, the Bugcrowd “2017 State of Bug Bounty” report found researchers in India topped the list at $1,591,485, followed by the United States at $1,436,147. In contrast, researchers in the UK earned a total of $535,080.


Most Bug Bounty Programs Are Ongoing

7 - Most Bug Bounty Programs Are Ongoing

Bugcrowd manages on-demand as well as ongoing bug bounty programs. Over the last three years, growth in ongoing bug bounty programs has outpaced on-demand programs.


Most Bugcrowd Programs Are Private

8 - Most Bugcrowd Programs Are Private

Bugcrowd hosts more than 600 bug bounty programs, with the majority (77 percent) being private programs.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.