HackerOne: the top 10 public bug bounty programs

HackerOne, the company that hosts bug bounty programs for some of the biggest companies in the world, has published its ranking of the 10 most successful programs hosted on its platform.

The ranking is based on the total amount of bounties granted to hackers by each company, since April 2020.

The HackerOne Top 10 for 2020 is the second edition of this ranking, the first having been published last year. The 2019 Top 10 was: (1) Verizon Media, (2) Uber, (3) PayPal, (4) Shopify, (5) Twitter, (6) Intel, (7) Airbnb, (8) Ubiquiti Networks, (9) Valve, and (10) GitLab.

In 2020, there were a few changes in the Top 10, but the leader remained the same, with Verizon Media retaining its position at the top.

1) Verizon Media

2019 rank: #1 (-)

Verizon Media is the undisputed leader, running the most active and successful bug bounty program hosted on the HackerOne platform. In one year, Verizon Media has more than doubled the bounties awarded to security researchers, from $4 million to more than $9.4 million this year, for a total of $5.4 million awarded in one year.

Currently, Verizon Media ranks No. 1 for bounties paid (over $9.4 million), No. 1 for the number of hackers rewarded (1,315) and No. 1 for the number of flaws resolved (5,928). In addition, one of Verizon Media's bug bounties also ranks in the Top 5 of the biggest payments ever made on HackerOne, with a $70,000 reward given to a lucky researcher.

2) PayPal

2019 rank: #3 (+1)

Although it manages one of the most recent programs on HackerOne, started only in August 2018, PayPal has established itself as one of the most active companies on the platform, paying almost $2.8 million in the past two years, and $1.62 million last year.

3) Uber

2019 rank: #2 (-1)

Since last year's rankings, the Uber security team has awarded $620,000 in bug bounties, bringing the total awarded on HackerOne to $2,415,000 since the program was launched in December 2014.

Currently, Uber's bug bounty program is also in the top 5 for the number of hackers thanked, in the top 5 for the number of resolved reports, and in the top 5 for the highest bounties.

4) Intel

2019 rank: #6 (+2)

Intel has moved up two places in the 2020 rankings after paying more than $1 million in bounties to researchers in the past 12 months.

Although the amount has never been made public, Intel has also paid the biggest bug bounty ever paid on the HackerOne platform, an estimated sum between $100,000 and $200,000 for a side-channel vulnerability affecting its processor architectures.

5) Twitter

2019 rank: #5 (-)

With one of the oldest programs on HackerOne, launched in May 2014, Twitter has paid more than $1,288,000 in bounties to security researchers, of which $118,000 has been distributed in the past 12 months.

6) GitLab

2019 rank: #10 (+4)

In 2020, the GitLab code hosting platform went from 10th to 6th place, which is one of the biggest leaps in this year's ranking. The company has paid more than $641,000 in bug bounties to security researchers in the past 12 months, bringing its total payments to $1,211,000.

The company also has one of the fastest response times on HackerOne, responding on average to new bug reports within the hour.

7) Mail.ru

2019 rank: #14 (+7)

A new entry in the HackerOne Top 10, the Russian mail service Mail.ru recorded the biggest climb in the ranking this year. The company has paid more than $819,000 in bug bounties in the past 12 months to reach a total of $1,119,000 since registering on the platform in April 2014.

Currently, Mail.ru's program also ranks in the top 5 for the number of hackers thanked (973) and in the top 5 for the number of resolved reports (3,333).

8) GitHub

2019 rank: #11 (+3)

Another very active program in the past 12 months has been GitHub. The company has paid more than $467,000 to security researchers for bugs reported in the past 12 months, bringing its program total to $987,000 since its launch in April 2016.

9) Valve

2019 rank: #9 (-)

Valve retained its place in the Top 10 this year, remaining in position No. 9. In the past 12 months, the company has paid an additional $381,000 in bounties to bug hunters, bringing its total to $951,000 since launching its program on HackerOne in October 2017.

10) Airbnb

2019 rank: #7 (-3)

Despite awarding more than $344,000 in bounties in the past 12 months, Airbnb did not retain its number 7 spot from last year. In 2020, the company ranked 10th after having awarded a total of more than $944,000 in bounties since February 2015.

Source: “ZDNet.com”

Source: www.zdnet.fr
