HackerOne bug bounty platform closes new $36.4m funding round
HackerOne has announced the closure of a Series D funding round that has secured the bug bounty program a further $36.4 million in investment.
On Sunday, the company said the cash injection will be earmarked for scaling up its international business footprint as well as for expanding the firm's enterprise market solutions, moves which will "continue to strengthen the world's largest and most diverse hacker community."
[...] Users are able to submit reports on new and previously unknown vulnerabilities impacting products before they potentially end up in the hands of cybercriminals, and in return, they are given credit and financial rewards.
[...] The HackerOne client roster includes a number of well-known companies including Dropbox, Coinbase, GitHub, Google Play, PayPal, Qualcomm, and Verizon Media. In addition, the platform is used by the US Department of Defense (DoD), the European Commission, the Ministry of Defence Singapore, and Goldman Sachs.
[...] On the heels of the announcement, the bug bounty platform also revealed some interesting statistics. Over 30,000 vulnerabilities have been reported and resolved in the past 12 months and only 24 hours, in 77 percent of cases, is required for a new bug bounty program to receive its first valid report. In total, 25 percent of bugs discovered are considered high or critical and the average bug bounty paid is $3,384.
While some vendors employ crowd-sourced vulnerabilities through such platforms, they may also run their own independent programs. Google's Project Zero, for example, finds and reports serious bugs impacting other companies and generally maintains a strict 90-day disclosure deadline.
