Security Vulnerabilities and Payouts to the Crowd Nearly Double Year over Year
Thursday, August 1, 2019
New Bugcrowd Priority One Report dives into the state of crowdsourced security in 2019
SAN FRANCISCO, Aug. 1, 2019 /PRNewswire/ -- Bugcrowd, the #1 crowdsourced security company, today released the Priority One Report, indicating a 93% increase in total vulnerabilities reported and an 83% increase in average payouts per vulnerability, nearly double over last year.
The Priority One Report provides an inside look into crowdsourced security trends in 2019, as well as a deep dive into emerging and critical vulnerabilities found over the previous year. This year's report signals the growing security maturity of the market and an uptick in adoption of crowdsourced security solutions. Bug bounty payouts continue to rise, with critical vulnerabilities reaching nearly $2,700, an almost 30% increase over last year.
"Priority One tells the story of the breaches that never became headlines," said David Baker, CSO of Bugcrowd. "Crowdsourced security continues to uncover 10 times the security bugs than traditional security assessment methods, demonstrating the true power of the Crowd. With numbers trending upward, we're seeing a monumental shift in adoption to keep pace with growing attack vectors."
Among the top vulnerabilities submitted over the last year, four of five represent systemic issues with critical impact.
-- Broken Access Control
-- Sensitive Data Exposure
-- Server Security Misconfiguration
-- Broken Authentication and Session Management
-- Cross-Site Scripting
Other key takeaways from the report include:
-- Financial Services surge in adoption: Financial Services (71%), Retail (50%) and Healthcare (41%) are adopting crowdsourced security at a rapid rate year over year
-- Web targets continue to dominate: The web is still the largest attack surface, accounting for 9 in 10 of submitted vulnerabilities
-- The internet of everything uptick: Submissions on IoT targets increased more than any other target, nearly 4X -- and accounted for the second highest payouts, following web
-- Companies reaching security maturity: In the first half of 2019, we saw a 29% increase in the number of programs launched and a 50% increase in public programs launched.
Bugcrowd's Priority One Report analyzes proprietary platform data collected from thousands of crowdsourced security programs and hundreds of thousands of vulnerability submissions through the Bugcrowd platform since 2012.
More leading companies around the world, including Atlassian, Fitbit, HP, Indeed, Mastercard, Motorola, Jet.com, Square, Twilio, and more, trust Bugcrowd for crowdsourced security. For a list of public programs, visit: bugcrowd.com/programs. To read some of our customer stories, visit: bugcrowd.com/customers.
Additional Resources:
-- Download a full copy of the Priority One Report
-- Read the blog here
-- Follow Bugcrowd on LinkedIn and Twitter
About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, and Next Gen Pen Test programs. Bugcrowd's award-winning platform combines actionable, contextual intelligence with the skill and experience of the world's most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.
Michelle Dailey
Bugcrowd, Inc.
press@bugcrowd.com
View original content to download multimedia: http://www.prnewswire.com/news-releases/security-vulnerabilities-and-payouts-to-the-crowd-nearly-double-year-over-year-300894751.html
SOURCE Bugcrowd