Report

2017 State of Bug Bounty


Bugcrowd’s 2017 State of Bug Bounty Report

Today, we have a perfect storm: a growing and under-defended attack surface and adversaries economically incentivized to attack it. As a result, organizations are increasingly turning to a group that they have traditionally distrusted: hackers.

In its third iteration, the Bugcrowd State of Bug Bounty Report mines data from more than 600 managed programs to provide an unparalleled, inside look into the global bug bounty economy.

Key findings:

  • Enterprise adoption is up threefold. Today, nearly half of all programs (44%) are run by organizations with more than 500 employees with 16% run by enterprise organizations (more than 5,000 employees)
  • Critical findings are on the rise. The number of critical bugs found is up 25% as is the overall average criticality across submissions
  • Program management accelerates remediation. The time to first touch (triage of submissions) has gone down, highlighting how a trusted platform partner can streamline program management to ensure quicker remediation of vulnerabilities

For the complete list of trends, including vulnerability types, payout amounts, and rising industries, download the full report.