Bug-Bounty Awards Spike 26% in 2020
Cross-site scripting (XSS), a vulnerability that enables attackers to inject client-side scripts into web pages viewed by other users, earned hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws, according to the report.
In total, organizations paid ethical hackers $23.5 million in bug bounties for all of these flaws this year, according to HackerOne, which maintains a database of 200,000 vulnerabilities found by hackers.
A bug-bounty award for an XSS flaw is about $501, well below the $3,650 average award for a critical flaw, allowing organizations to mitigate the common bug on the cheap, researchers noted.
Awards for improper access control increased 134 percent year over year to slightly more than $4 million, while bug bounties for information disclosure rose 63 percent year over year.
Even large tech companies that were historically resistant to being transparent about their products' security protocols have warmed to the idea of rewarding ethical hackers for their work.