State of Bug Bounty Report 2016 Illustrates Market Adoption Shifting From "Tech Giants" Towards Traditional Industries and Thousands More Researchers
SAN FRANCISCO, CA--(Marketwired - Jun 8, 2016) - Bugcrowd, Inc., the pioneer and innovator in crowdsourced security for the enterprise, today released the results of its second annual State of Bug Bounty Report. Building from findings in last year's inaugural report, the new research sheds light on the vertical and horizontal breadth of today's bounty programs, the most pervasive types of vulnerabilities, and the growth of bounty program payouts. Drawing on insights from Bugcrowd's researcher population and the wider security professional community, the findings also reveal hidden strengths and uncover the top motivations behind bug bounty participation.
With a global rise in cyberattacks and a critical deficit of security talent to combat adversaries, bug bounty programs grew correspondingly in both volume and scope in the last 12 months. Moving beyond technology companies, more than 25 percent of public and private programs are now run in more "traditional" industry sectors -- with particular traction across retail & e-commerce, financial services & banking, and automotive -- and are deployed across larger organizations, with companies of over 5,000 employees gaining particular traction in the last 12 months.
Key findings
"Mainstream enterprises are entering a new era of advanced security," said Jonathan Cran, vice president of product at Bugcrowd. "Bug bounty programs are leveling the playing field, and Bugcrowd is making them accessible across more industries and organization types. Crowdsourced cybersecurity not only strengthens the security of products, but it also initiates rewarding, mutually beneficial relationships with the researcher community."
In 12 months, Bugcrowd's researcher base grew to include over 26,000 total researcher accounts at the end of Q1 2016. Nearly 75 percent of researchers are between the ages of 18 and 29. The second largest group, ages 30-44, represents 19 percent of the crowd.
"2015 was the year companies realized that, when it comes to cybersecurity, the pain of staying the same is exceeding the pain of change. This tip is causing companies to realize that the only way to compete with an army of adversaries is with an army of allies. Even the most risk-averse industries are embracing, and successfully implementing, crowdsourced cybersecurity programs," said Casey Ellis, CEO and founder of Bugcrowd. "This growth validates today's reality: distributed resourcing approaches like bug bounty programs are the best tools to create parity with the adversary."
Methodology
Research for "The State of Bug Bounty 2016 Report" was conducted by Bugcrowd, Inc., between January 1, 2013 and March 30, 2016, including data from programs run on Bugcrowd's platform. Additional data was collected from an active survey of 500 security researchers and 600 security professionals from organizations engaging this model, which contributed to the report findings.
About Bugcrowd
The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 30,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Bugcrowd's proprietary vulnerability disclosure platform is deployed by Tesla Motors, The Western Union Company, Pinterest, Barracuda Networks and Jet.com. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Bugcrowd is a trademark of Bugcrowd, Inc. Learn more at www.bugcrowd.com.
Contact Information:
Media Contacts
Rachel Nelson (InkHouse for Bugcrowd)
508-479-4966
Bugcrowd@inkhouse.com
Melanie Duzyj
415-795-7216
Melanie.duzyj@bugcrowd.com