HackerOne, a company that hosts bug bounty programs for some of the world's largest companies, today announced its ranking of the 10 most successful programs hosted on its platform.
The ranking is based on the total amount of money awarded to hackers by each company, from April 2020.
The HackerOne list for 2020 is the second edition of this ranking, with the first being published last year. The top rankings of 2019 were: (1) Verizon Media, (2) Uber, (3) PayPal, (4) Shopify, (5) Twitter, (6) Intel, (7) Airbnb, (8) Ubiquiti Networks, (9) Valve and (10) GitLab.
In 2020, there were some changes to the Top 10, but the leader remained the same, with Verizon Media maintaining its position at the top and running the most successful bug bounty program on HackerOne.
1) VERIZON MEDIA
2019 rank: #1 (-)
Verizon Media is the undisputed leader, running the most active and successful bug bounty program hosted on the HackerOne platform. Verizon Media more than doubled the amount of money awarded to security researchers, from $4 million to more than $9.4 million this year, with a total of $5.4 million in a one-year period.
Currently, Verizon Media ranks first in payments, first in the number of hackers thanked (1,315) and first in the number of bug reports resolved (5,928). In addition, one of Verizon Media's bug bounty rewards also ranks among the 5 largest payments ever made on HackerOne, with a $70,000 prize awarded to a lucky researcher.
2) PAYPAL
2019 rank: #3 (+1)
Despite running one of the newest programs on HackerOne, registered only in August 2018, PayPal has fully established itself as one of the most active companies on the platform, paying nearly $2.8 million over the past two years and $1.62 million in the last year.
3) UBER
2019 rank: #2 (-1)
Since last year's ranking, Uber's security team has paid out $620,000 in bug bounties, raising the company's total to $2,415,000 awarded on HackerOne since its program went into effect in December 2014.
Currently, Uber's bug bounty program is ranked in the top 5 for the happiest hackers.
4) INTEL
2019 rank: #6 (+2)
Intel rose two places in the 2020 rankings after the company paid more than $1 million in bug bounties to researchers over the past 12 months.
While the total amount has never been published, Intel has also paid the highest bug bounty ever awarded on the HackerOne platform, with the amount believed to be between $100,000 and $200,000 for a single side-channel vulnerability affecting CPUs.
5) TWITTER
2019 rank: #5 (-)
6) GITLAB
2019 rank: #10 (+4)
In 2020, the GitLab code hosting platform went from #10 to #6, one of the biggest leaps in this year's ranking. The company has paid more than $641,000 in bug bounties to security researchers in the last 12 months, increasing its total payments to $1,211,000.
The company also has one of the fastest response times on HackerOne, responding to new bug reports from security researchers within an hour, on average.
7) MAIL.RU
2019 rank: #14 (+7)
A new entry in HackerOne's Top 10 is the Russian email service Mail.ru, which recorded the biggest jump in this year's rankings. The company has paid more than $819,000 in bug bounties over the past 12 months to reach a total of $1,119,000 since its registration on the platform in April 2014.
8) GITHUB
2019 rank: #11 (+3)
Another program that has been very active in the last 12 months is GitHub's. The company paid more than $467,000 to security researchers for bugs reported in the last 12 months, raising the total amount to $987,000 since its launch in April 2016.
9) VALVE
2019 rank: #9 (-)
Valve maintained its position in the Top 10 this year, remaining at #9. In the last 12 months, the company paid an additional $381,000 in bounties to "bug hunters", raising its total to $951,000 since the inception of its program on HackerOne in October 2017.
10) AIRBNB
2019 rank: #7 (-3)
Despite awarding more than $344,000 in bug bounties in the last 12 months, that was not enough for Airbnb to maintain its #7 position from last year. In 2020, the company ranked #10 after awarding more than $944,000 in bug bounties since February 2015.