Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
2020-01-31 16:58

In terms of bugs themselves, "[we also] saw abused for privilege escalation, had the Samsung handset exploited via baseband for the third Pwn2Own Tokyo in a row and disclosed a significantly impactful SharePoint bug later seen in active attacks," ZDI's Brian Gorenc wrote, in a blog post on Thursday.

From a trend perspective, Gorenc said that 2019 saw a shift towards more reports of high-severity flaws, rather than medium-severity bugs making up the bulk of advisories as they have in years past.

"In 2019, two out of three Adobe bugs we purchased impact Acrobat and Reader. We did purchase a few Flash bugs, but we actually had more submissions for Photoshop than we did for Flash - five times more."

A type of bug known as "Improper neutralization of special elements used in an expression language statement" accounted for about 6 percent of the bounties issued.

It's likely that the number of advisories stemming from 2019 bug discoveries will grow: "We usually see notifications from vendors early in the new year of vulnerabilities patched late in the previous year," said Gorenc.


News URL

https://threatpost.com/zero-day-initiative-bug-hunters-15m-2019/152435/