HackerOne announced it has reached US$20 million in payouts, with 100,000 hackers in its programme and 50,000 bugs found.
The bug bounty programme's founder, Marten Mickos, said in a blog post: “I want to quintuple payments, quadruple the number of bugs found, and increase its workforce by a factor of 10 — all by 2020.”
“They are cheaper to pay than QA teams, more effective than internal testing, and could save organisations an estimated US$10billion a year,” he added.
The US Department of Defense (DoD) contracted HackerOne, and the bugs found amounted to US$300,000 in payouts, although former Secretary of Defense Ash Carter told Tech Republic it could have cost the DoD over US$1 million.
Mickos added to Tech Republic: “Vulnerabilities that go unnoticed by scanners and other expensive security products are more quickly and more cost-effectively found by ethical hackers — you end up just one step away from a fix.
“Look at the examples of Google, Facebook and Microsoft. They operate the most modern software deployments and are the world’s biggest users of hacker-powered security, spending millions a year rewarding external hackers for helping them find flaws in their systems.”
Written by Leah Alger