Bugcrowd’s bug bounties grow 210 percent, with more than $2 million paid out

Bug bounties are quickly becoming security best practice and no longer considered a novelty, according to Bugcrowd’s second annual State of Bug Bounty report.

The research from the bug bounty platform company shows it had paid out over $2 million in bounty rewards as of March this year, and that the number of bug bounty programs running on its platform has increased some 210 percent since January 2013.

Most interestingly, larger corporations are increasingly turning to bug bounty hunters. Large companies, with 5,000 or more employees, now account for 44 percent of Bugcrowd’s bug bounty programs. It’s not just tech companies either: there has been a swell of “traditional” industries, such as banking and retail, turning to the crowd for security help.

The company credits the growth in bug bounty researchers to the explosion in cyberattacks in recent years, coupled with a skills shortage in the security industry.

As a result, bug hunters have seen a 47 percent increase in average reward size over the last year. In the first quarter of this year, Bugcrowd’s average payout was $505.79. The all-time average is $294.70, up from $200.81 a year earlier.

As of March, Bugcrowd said it had paid out $2,054,721 across 6,803 valid submissions. Researcher Reginaldo Silva remains the highest paid bug bounty hunter to date, having received $33,500 from Facebook for an XML external entity (XXE) vulnerability. He is now a security engineer at Facebook.

Researchers from 112 countries make up Bugcrowd’s bug hunter roster, with India accounting for 43 percent of them and the U.S. a distant second at 13 percent. However, when it comes to actual money paid out, India remains on top but Portugal comes in second, with the U.S. third.

Bugcrowd’s report also shows the growth of so-called “super hunters”, who often dominate the payments made through bug bounty programs. These are security researchers who have turned bug hunting from a hobby into a full-time job. Bugcrowd’s top 10 researchers account for 23 percent of the money paid out.

Cross-site scripting (XSS) remains the most frequently occurring bug class, at 66 percent of valid submissions, with cross-site request forgery (CSRF) bugs also common at 20 percent.

The data for the report was collected from programs run on Bugcrowd’s platform, as well as from surveys of hundreds of security researchers and professionals. The research was conducted between January 2013 and March 2016.

Bug bounty programs and crowdsourced cybersecurity are leveling the playing field for companies and researchers by creating mutually beneficial relationships, said Jonathan Cran, Bugcrowd’s vice president of product.

“2015 was the year companies realized that, when it comes to cybersecurity, the pain of staying the same is exceeding the pain of change,” said CEO Casey Ellis. “This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies.”
