#1286263: Bugcrowd Paid Over $500K in Bug Bounties in One Week

Description: Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.

Bugcrowd connects a large community of security researchers with companies that need to have their apps probed for vulnerabilities via both public and private programs.

Over $1.5 million paid last month
1800 submissions from 562 hackers were rewarded during October, showing that an increasing number of successful researchers are active across the platform. Out of the total number of rewarded submissions, 327 were categorized as P1 (the most severe).

"Overall for the month of October, Bugcrowd paid out $1.6 million to over 550 hackers, with our biggest payout to a single hacker totaling over $40,000," the company said. "Looking back to October 2014, we paid out nearly $30,000 to 85 hackers, and uncovered five P1s."

Some of the hackers rewarded during October were able to earn a year's salary with a single large payout, according to Bugcrowd.

Last month's results confirm not only the company's continued growth but also an overall improvement in hacking skills, which leads to higher payouts and more secure software.

Growing number of programs and vulnerabilities reported
Compared to 2018, Bugcrowd saw increases of 93% in the total number of reported vulnerabilities and of 83% in average payouts per vulnerability, as the company revealed in August as part of its Priority One Report.

"Bug bounty payouts continue to rise, with critical vulnerabilities reaching nearly $2,700 at an almost 30% increase over last year," Bugcrowd added.

"Crowdsourced security continues to uncover 10 times the security bugs than traditional security assessment methods, demonstrating the true power of the Crowd," Bugcrowd CSO David Baker said. "With numbers trending upward, we're seeing a monumental shift in adoption to keep pace with growing attack vectors."

During the first half of 2019, Bugcrowd observed a 29% increase in the total number of launched programs, as well as a 50% increase in public programs launched.

Hacking university for beginners
In 2018, the company launched the Bugcrowd University to help hackers starting on their bug bounty journey to sharpen their skills with the help of community-provided free resources and training.

The Bugcrowd University training modules were expanded in August 2019 with a series of new modules including Server Side Request Forgery (SSRF), Burp Suite Advanced Module, XML External Entity Injection, GitHub Recon and Sensitive Data Exposure, and Recon and Discovery.

All Bugcrowd University materials are freely available to all security researchers in need of training with the final goal of attracting more of them to the crowdsourced security platform.

"What we've learned over the last decade of working with this community is that it's all about giving back and working together to make the internet a safer place," Casey Ellis, founder and CTO of Bugcrowd, said.

"As such, we're doubling down on collaborating with some of the brightest in our Crowd to develop our next set of course work within Bugcrowd University."

"We're thrilled to empower more people around the world with these crucial skills -- helping to tip back the balance in favor of defenders."
More info: https://www.bleepingcomputer.com/news/security/bugcrowd-paid-over-500k-in-bug-bounties-in-one-week/

Date added Nov. 8, 2019, 7:21 p.m.
Source Bleeping Computer