Priority One Report: Bug Bounties Paying out for Deep Testing

The inaugural 2019 Priority One Report by Bugcrowd reveals that the number of security vulnerabilities reported and bug bounty payouts per vulnerability nearly doubled this year compared to last. There was a major shift in vulnerability classes found by security researchers in 2018, with four-out-of-five top Vulnerability Rating Taxonomy (VRT) classes revolving around vulnerabilities that are difficult for machines to find. The average payout for a critical vulnerability has reached nearly $2,700 this year. Web vulnerabilities continue to rise, and there was a nearly 4x increase in vulnerability submissions for IoT targets with average payouts surpassing $8,500. New technology environments will require more skills and education to combat the new vulnerabilities that will appear alongside.