Request a Demo Contact Us
Press release

Security Vulnerabilities and Payouts to the Crowd Nearly Double Year over Year

New Bugcrowd Priority One Report dives into the state of crowdsourced security in 2019 

Bugcrowd, the #1 crowdsourced security company, today released the Priority One Report, indicating a 93% increase in total vulnerabilities reported and an 83% increase in average payouts per vulnerability, nearly double over last year. 

The Priority One Report provides an inside look into crowdsourced security trends in 2019, as well as a deep dive into emerging and critical vulnerabilities found over the previous year. This year’s report signals to the growing security maturity of the market and an uptick in adoption of crowdsourced security solutions. Bug bounty payouts continue to rise, with critical vulnerabilities reaching nearly $2,700 at an almost 30% increase over last year. 

“Priority One tells the story of the breaches that never became headlines,” said David Baker, CSO of Bugcrowd. “Crowdsourced security continues to uncover 10 times the security bugs than traditional security assessment methods, demonstrating the true power of the Crowd. With numbers trending upward, we’re seeing a monumental shift in adoption to keep pace with growing attack vectors.”

Among the top vulnerabilities submitted over the last year, four of five represent systemic issues with critical impact. 

  • Broken Access Control 
  • Sensitive Data Exposure 
  • Server Security Misconfiguration 
  • Broken Authentication and Session Management 
  • Cross-Site Scripting 

Other key takeaways from the report include:

  • Financial Services surge in adoption: Financial Services (71%), Retail (50%) and Healthcare (41%) are adopting crowdsourced security at a rapid rate year over year
  • Web targets continue to dominate: The web is still the largest attack surface, accounting for 9 in 10 of submitted vulnerabilities
  • The internet of everything uptick: Submissions on IoT targets increased more than any other target, nearly 4X — and accounted for the second highest payouts, following web
  • Companies reaching security maturity: In the first half of 2019, we saw a 29% increase in the number of programs launched and a 50% increase in public programs launched.

Bugcrowd’s Priority One Report analyzes proprietary platform data collected from thousands of crowdsourced security programs and hundreds of thousands of vulnerability submissions through the Bugcrowd platform since 2012. 

More leading companies around the world, including Atlassian, Fitbit, HP, Indeed, Mastercard, Motorola,, Square, Twilio, and more trust Bugcrowd for crowdsourced security. For a list of public programs, visit: To read some of our customer stories

Additional Resources:

About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, and Next Gen Pen Test programs. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at