At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.
The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry vertical. One researcher wrote that 2018 would be “similar to this year (2017), more companies and more enticing rewards.” Another wrote “definitely more companies starting bug bounty programs, higher payouts, more competition, etc.” One researcher went so far as to say that by the end of 2018 “each and every company and agency will launch bug bounty programs.”
But the predictions went deeper than that. As another member of our community put it:
In 2018, we’ll see “companies going further in the way they deliver their programs. Perhaps personal engagements with their best hunters, corporate events. Treating hunters as not just someone-from-the-internet.”
This reflects trends we already began to see in 2017. As the bounty model matures, more organizations are embracing the white-hat hacker community. But this is not just a US trend. This expansion is expected across the globe, with a growing focus on security driving adoption of the bug bounty model.
“Many companies in Europe are about to start taking security more seriously due to GDPR, which will force all organisations handling PII to at least take some care of their IT security. A smooth process helping European companies to open up bounty programs could become a huge deal during 2018.”
Following up on our 2017 Inside the Mind of a Hacker report, we asked our Twitter community how they thought hacker motivations would change in 2018.
@AmitElazari, doctoral candidate at UC Berkeley Law, wrote: “I hope hackers will care about legal risks and safe harbors and vote against companies with bad terms.”
According to @StreamingFeed, “it will be more of the same.” @rjhigham elaborated on their motivations, writing that “motivation will always be notoriety, autonomy, self-respect, power, money… specifically though… breaking bitcoin, automobiles, and oh ya… more phishing”
And while I (maybe unsurprisingly) predicted that “2018 will be a huge year for bounties,” I was not alone in this sentiment. @StegoPax added “Totally agree.” If you’re a researcher reading this, gear up for a big 2018. We’ll need your skills and your time. We’ve got a ton of challenging and exciting bounties on the horizon for you this year.
For more predictions read below or follow us on Twitter @bugcrowd.
#CyberPredictions Twitter Campaign
- What changes do you predict for the bug bounty space (companies implementing programs, researcher interest, etc.)?
  - @StegoPax: “Surge in mobile app bug bounties.”
- How do you think hacker motivations will change in 2018?
  - @samhouston: “I think more and more people will be able to do bug bounties fulltime. I think we’ll see the rise of specialists, folks that only focus on mobile, or IoT, etc as those numbers of bounties will rise. 2018 will be a huge year for bounties. Buckle up :)”
  - @AmitElazari: “I hope hackers will care about legal risks and safe harbors and vote against companies with bad terms.”
  - @rabbitear: “They will always buy dumb terminals and forget about any computers.”
  - @synff: “The recent event with @Uber will probably increase the number of extortions…”
  - @rjhigham: “Motivation will always be notoriety, autonomy, self-respect, power, money… specifically though… breaking bitcoin, automobiles, and oh ya… more phishing”
  - @qbus371: “I sure hope someone will hack blockchain. I heard that if it would be done the entire market would crash. Might be fun to watch.”
- What industry do you think is at the most risk for cyberattack / will be the most targeted? Why?
  - @Blue_Robin93: “Financial. $$$ and most access to Sensitive data”