Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Verizon, PayPal, Uber Paid Out Most Through Bug Bounty Programs on HackerOne

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

The top 10 bug bounty programs on HackerOne are run by Verizon Media, PayPal, Uber, Intel, Twitter, GitLab, Mail.ru, GitHub, Valve and Airbnb. This is based on how much they paid out since the launch of their program until April 2020, excluding awards from live hacking events.

According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours. It’s worth noting that Verizon was also at the top of the list last year, but by April 2019 it had only awarded roughly $1.8 million.

PayPal, which last year occupied the third position, was second this year, with a total of nearly $2.8 million paid out between August 2018 and April 2020. The payments giant had an average first response time of 4 hours and its highest bounty was $30,000.

Uber dropped from second to third place, with over $2.4 million paid out since December 2014 and a top bounty of $50,000. Next in line is Intel, with nearly $1.9 million paid out since March 2017.

Twitter was in fifth place with nearly $1.3 million awarded since May 2014. The social media giant had an average response time of 12 hours and its average time to bounty was 8 days, with a maximum bounty of just over $20,000.

GitLab paid out a total of $1.2 million, followed by Mail.ru with $1.1 million. Both companies launched their programs in 2014 and both awarded a top bounty of $20,000, but GitLab has the best response time in the top 10, at one hour.

GitHub, Valve and Airbnb were all getting close to $1 million total bounties paid out by April 2020.

Advertisement. Scroll to continue reading.

“These 10 organizations are helping to spell out the truth: hackers still have all the advantage today,” said Alex Rice, CTO and co-founder of HackerOne. “With software development cycles becoming increasingly continuous, security teams are left playing catch up. To accommodate this fast-paced method, companies are in desperate need of a security strategy that will grow and adapt at the pace of innovation. These organizations are meeting criminals on the battlefield with hackers devoted to doing good, finding vulnerabilities in real time before they can be exploited.”

HackerOne reported recently that bug bounty hunters earned more than $100 million through its bug bounty platform since October 2013.

Related: Tencent Partners With HackerOne for Bug Bounty Program

Related: Sony Launches PlayStation Bug Bounty Program on HackerOne

Related: Hacker Earns $8,500 for Vulnerability in HackerOne Platform

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem