Cookie Settings
Operationally Necessary Cookies
Analytics Cookies
Advertising Cookies
PRESS RELEASE
SAN FRANCISCO – Jun 8, 2016 – Bugcrowd, Inc., the pioneer and innovator in crowdsourced security for the enterprise, today released the results of its second annual State of Bug Bounty Report. Building from findings in last year’s inaugural report, the new research sheds light on the vertical and horizontal breadth of today’s bounty programs, the most pervasive types of vulnerabilities, and the growth of bounty program payouts. Drawing on insights from Bugcrowd’s researcher population and the wider security professional community, the findings also reveal hidden strengths and uncover the top motivations behind bug bounty participation.
With a global rise in cyberattacks and a critical deficit of security talent to combat adversaries, bug bounty programs congruently grew in both volume and scope in the last 12 months. Moving beyond technology companies, more than 25 percent of public and private programs are now run in more “traditional” industry sectors — with particular traction across retail & e-commerce, financial services & banking, and automotive — and deployed across larger organizations, with companies over 5,000 employees gaining particular traction in the last 12 months.
Key findings
“Mainstream enterprises are entering a new era of advanced security,” said Jonathan Cran, vice president of product at Bugcrowd. “Bug bounty programs are leveling the playing field, and Bugcrowd is making them accessible across more industries and organization types. Crowdsourced cybersecurity not only strengthens the security of products, but it also initiates rewarding, mutually beneficial relationships with the researcher community.”
In 12 months, Bugcrowd’s researcher base grew to include over 26,000 total researcher accounts at the end of Q1 2016. Nearly 75 percent of researchers are between the ages of 18-29. The second largest group, 30-44, represents 19 percent of the crowd.
“2015 was the year companies realized that, when it comes to cybersecurity, the pain of staying the same is exceeding the pain of change. This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies. Even the most risk-averse industries are embracing, and successfully implementing, crowdsourced cybersecurity programs,” said Casey Ellis, CEO and founder of Bugcrowd. “This growth validates today’s reality: distributed resourcing approaches like bug bounty programs are the best tools to create parity with the adversary.”
###