Cyentia Cybersecurity Research Library

Bug Bounty

Below you will find reports with the tag of “Bug Bounty”

Inside the Mind of a Hacker

This report seized the opportunity to do something different; it now focuses on highlighting what’s next for the hacking community. From neurodiversity in the hacking community to the rise of hacking influencer platforms, we’ve examined a broad spectrum of important topics. Now, most security professionals not only understand the difference between threat actors and hackers, but they actually have personal experience with ethical hacking.

Added: October 24, 2024

SANS Application & API Security Survey 2024

In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

Added: August 10, 2024

The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2022

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

Added: May 29, 2024

Hacker-Powered Security Report: Industry Insights '21

HackerOne’s Hacker-Powered Security Report: Industry Insights leverages data from real-world vulnerability reports to provide insight into the fastest-growing vulnerability categories, how bounty prices are changing year over year, and which industries are fastest to fix. The most innovative CISOs stay ahead of cybersecurity threats and mitigate vulnerabilities by augmenting internal teams and security testing tools with a skilled and engaged hacking community.

Added: May 22, 2024

Hacker-Powered Security Report Financial Services Edition 2022

In this year’s Hacker-Powered Security Report: Financial Services, we look at what drives ethical hackers, where they focus their energies, and what they’re doing to help financial services companies improve their security profile. In the past year, the hacking community has found over 65,000 customer vulnerabilities. Financial services continues to be among the most popular industries for ethical hackers to work on, and vulnerabilities in web applications are by far the most commonly reported issues in the industry.

Added: May 21, 2024

Hacker Powered Security Report 2023

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

Added: December 15, 2023

Leading Ransomware Variants Q3 2022

Intel 471 reported 27 ransomware variants were used to conduct 455 attacks from July 2022 to September 2022, a decrease of 38 attacks from the second quarter of 2022 and 134 from the first quarter of 2022. The daily average of reported LockBit breaches was two - the same trend we observed from the ransomware group in the third and fourth quarters of 2021 and the first and second quarters of 2022.

Added: February 9, 2023

The State of Vulnerability Management 2022

For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. What we found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think.

Added: January 17, 2023

2020 Q3 Report: Vulnerability QuickView

This report covers vulnerabilities disclosed this year. It aims to help the reader navigate the current vulnerability landscape. It provides valuable insight into vulnerability trends and how they are impacting organizations.

Added: December 16, 2020

4th Annual Hacker Powered Security Report

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more.

Added: October 8, 2020

Upstream Security's Global Automotive Cybersecurity Report 2020

This report highlights research into cyber-attack trends in the smart mobility ecosystem.

Added: July 31, 2020

The 2019 Hacker Report

The third annual report from HackerOne on the state of the hacker/security testing community. Data is drawn from HackerOne’s community of bug bounty registrants and subscribing platforms.

Added: June 23, 2020

The 2020 Hacker Report

The fourth annual report from HackerOne on the state of the open security testing community, using data from HackerOne’s bug bounty program.

Added: June 23, 2020

Impact Report 2020

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. traditional pentesting services. Within the backdrop of modern software development practices and rising appsec priorities, our study found that DevOps is a driving force for pushing pentest into the cloud and deploying Pentest as a Service. Furthermore, DevOps demands that appsec measures are delivered in a fashion that favors communication, transparency, and collaboration: PtaaS is exactly the evolution that addresses those aspects.

Added: May 11, 2020

2019 Year in Review: ICS Vulnerabilities

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. Dragos identifies errors in the vulnerability scores associated with public reports, a critical part of our vulnerability assessments. By identifying and updating errors in vulnerability scores, Dragos vulnerability assessments help asset owners and operators better prioritize and manage patching and update procedures.

Added: March 1, 2020

Exploring Coordinated Disclosure: Shedding Light on Perceptions and Experience in How Software Vulnerabilities are Reported

Veracode commissioned this survey from 451 Research to understand how widely accepted and practiced coordinated disclosure – whereby a security researcher identifies a flaw and notifies the company, then the two work together to fix and publicly disclose the flaw – really is and where the pain points reside. In addition, we wanted to explore the means organizations have established to receive vulnerability reports, and the attitudes toward a coordinated disclosure policy on both sides of the organization and among external security researchers. We also sought a deeper understanding of the motivations of security researchers, actions when a vulnerability is identified, timing for disclosure, desired outcomes, how organizations structure disclosure policies, and the effectiveness of bug bounties.

Added: February 12, 2020

How Lucrative are Vulnerabilities? A Closer Look at the Economics of the Exploit Supply Chain

This report explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers.

Added: November 26, 2019

Priority One: The State of Crowdsourced Security In 2019

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

Added: September 18, 2019

Inside The Mind Of A Hacker

This report offers an inside look at hackers. It provides a glimpse into the Bugcrowd community, identifies 5 distinct types of bug hunters and their motivations, and explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

Added: April 23, 2019

Security Leadership Study - Trends in Application Security

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

Added: April 23, 2019

Inside The Mind Of A Hacker 2.0

This report takes you inside the mind of a hacker.

Added: October 26, 2018
© Cyentia Institute 2025
Library updated: June 22, 2025 00:08 UTC (build b1d7be4)