Bugcrowd’s bug bounties grow 210 percent, with more than $2 million paid out

google microsoft increase payouts in bug bounty programs
Jean Marconi/Flickr
Bug bounties are quickly becoming security best practice and no longer considered a novelty, according to Bugcrowd’s second annual State of Bug Bounty report.

The research from the bug bounty platform company shows it has paid out over $2 million in bounty rewards as of March this year and the number of bug bounty programs running on its platform has increased some 210 percent since January 2013.

Most interestingly, more and more larger corporations are turning to bug bounty hunters. Large companies, with 5,000 or more employees, now account for 44 percent of Bugcrowd’s bug bounty programs. It’s not just tech companies either, there’s been a swell of “traditional” industries like banking and retail that have turned to the crowd for security help.

The company credits the growth in bug bounty researchers to the explosion in cyberattacks in recent years, coupled with a skills shortage in the security industry.

As a result, bug hunters have seen a 47 percent increase in the reward figures over the last year. In the first quarter of this year, Bugcrowd’s average payout was $505.79. The all-time average is $294.70, up from $200.81 last year.

As of March, Bugcrowd said it has paid out $2,054,721 through 6,803 valid submissions. Researcher Reginaldo Silva remains the highest paid bug bounty hunter to date, having received $33,500 from Facebook for an XML external entities vulnerability. He is now a security engineer at Facebook.

Researchers from 112 countries make up Bugcrowd’s bug hunter roster with submissions from India accounting for 43 percent of users with the U.S. in a distant second at 13 percent. However, when it comes it actual money paid out, India remains on top but Portugal comes in second with the U.S. at third.

Bugcrowd’s report also shows the growth of so-called “super hunters”, which are often dominating the number if payments made through bug bounty programs. These are security researchers that have turned hunting bugs from a hobby into a full-time job. Bug crowd’s top 10 researchers account for 23 percent of money paid out.

Cross-site scripting (XSS) remains the most frequently occurring bug, 66 percent of valid submissions, with cross-site forgery requests (CSFR) bugs also common at 20 percent.

The data for the report was collected from programs run on Bugcrowd’s platform, as well as from surveys on hundreds of security researchers and professionals. The research was conducted between January 2013 and March 2016.

Bug bounty programs and crowdsourced cybersecurity are leveling the playing field for companies and researchers by creating mutually beneficial relationships, said Jonathan Cran, Bugcrowd’s vice president of product.

“2015 was the year companies realized that, when it comes to cybersecurity, the pain of staying the same is exceeding the pain of change,” said CEO Casey Ellis. “This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies.”

Social Media

Tumblr promises it fixed a bug that left user data exposed

A bug on blogging site Tumblr left user data exposed. The company says that once it learned of the flaw, it acted quickly to fix it, adding that it's confident no data linked to its users' accounts was stolen.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Movies & TV

MoviePass saga: Parent company investigated for allegedly misleading investors

Troubled subscription-based movie service MoviePass is making headlines on a daily basis lately, and not in a good way. Here's a timeline of events for the company once described as Netflix for movie theaters.
Movies & TV

Peter Dinklage gets cryptic about two 'Game of Thrones' characters' fates

With the eighth and final season looming, Game of Thrones fever has officially become a pandemic. Our list of all the relevant news and rumors will help make the wait more bearable -- if you don't mind spoilers.
Computing

Winamp eyes big comeback in 2019 with podcast, streaming support

Classic audio player Winamp is getting a major overhaul in 2019 that's designed to bring it up-to-date and make it competitive with the likes of Apple Music, Amazon Music, Spotify, Audible, and more, all in one go.
Computing

Is the Pixelbook 2 still happening? Here's everything we know so far

What will the Pixelbook 2 be like? Has the Pixel Slate taken its place? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Computing

Adobe’s craziest new tools animate photos, convert recordings to music in a click

Adobe shared a glimpse behind the scenes at what's next and the Creative Cloud future is filled with crazy A.I.-powered tools, moving stills, and animation reacting to real-time tweets.
Photography

Adobe MAX 2018: What it is, why it matters, and what to expect

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.
Computing

Problems with Microsoft’s Windows October 2018 Update aren’t over yet

Microsoft's Windows 10 October 2018 update is not having a great launch. More than two weeks after its debut and Microsoft is still putting out fires as new bugs are discovered and there's no sign of its re-release as of yet.
Computing

Chrome 70 is now available and won’t automatically log you in to the browser

Google has officially launched Chrome version 70 on Windows Mac and Linux. The update introduces some new Progressive Web App integrations on Windows 10 and also tweaks the much controversial auto login with Google Account feature.
Computing

Corsair’s latest SSD boasts extremely fast speeds at a more affordable price

Despite matching and besting the performance of competing solid-state drives from Samsung and WD, the Corsair Force Series MP510 comes in at a much more affordable price. Corsair boasts extremely fast read and write speeds.
Computing

New Windows 10 19H1 preview lets users remove more pre-installed Microsoft apps

With the release of the latest Windows 10 19H1 preview build on October 17, Microsoft is letting some consumers remove more of the pre-installed inbox app bloatware from their machines. 
Computing

Apple’s 2020 MacBooks could ditch Intel processors, arrive with ‘ARM Inside’

If you're buying a MacBook in 2020, be on the lookout for a new "ARM Inside" banner. Apple is reportedly working on transitioning away from Intel processors for its MacOS lineup in favor of new custom A-series ARM-based silicon.
Computing

Microsoft patent highlights a potential VR text input system

A new patent awarded to Microsoft could lead to a new typing method for virtual reality and on Xbox consoles. The virtual radial dial puts letters within easy reach of joystick commands and offers predictive typing, too.