CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Verizon, PayPal, Uber Paid Out Most Through Bug Bounty Programs on HackerOne

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

The top 10 bug bounty programs on HackerOne are run by Verizon Media, PayPal, Uber, Intel, Twitter, GitLab, Mail.ru, GitHub, Valve and Airbnb. This is based on how much they paid out since the launch of their program until April 2020, excluding awards from live hacking events.

According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours. It’s worth noting that Verizon was also at the top of the list last year, but by April 2019 it had only awarded roughly $1.8 million.

PayPal, which last year occupied the third position, was second this year, with a total of nearly $2.8 million paid out between August 2018 and April 2020. The payments giant had an average first response time of 4 hours and its highest bounty was $30,000.

Uber dropped from second to third place, with over $2.4 million paid out since December 2014 and a top bounty of $50,000. Next in line is Intel, with nearly $1.9 million paid out since March 2017.

Twitter was in fifth place with nearly $1.3 million awarded since May 2014. The social media giant had an average response time of 12 hours and its average time to bounty was 8 days, with a maximum bounty of just over $20,000.

GitLab paid out a total of $1.2 million, followed by Mail.ru with $1.1 million. Both companies launched their programs in 2014 and both awarded a top bounty of $20,000, but GitLab has the best response time in the top 10, at one hour.

GitHub, Valve and Airbnb were all getting close to $1 million total bounties paid out by April 2020.

Advertisement. Scroll to continue reading.

“These 10 organizations are helping to spell out the truth: hackers still have all the advantage today,” said Alex Rice, CTO and co-founder of HackerOne. “With software development cycles becoming increasingly continuous, security teams are left playing catch up. To accommodate this fast-paced method, companies are in desperate need of a security strategy that will grow and adapt at the pace of innovation. These organizations are meeting criminals on the battlefield with hackers devoted to doing good, finding vulnerabilities in real time before they can be exploited.”

HackerOne reported recently that bug bounty hunters earned more than $100 million through its bug bounty platform since October 2013.

Related: Tencent Partners With HackerOne for Bug Bounty Program

Related: Sony Launches PlayStation Bug Bounty Program on HackerOne

Related: Hacker Earns $8,500 for Vulnerability in HackerOne Platform

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.