Bug Bounty Hunters Earned Over $4M for XSS Flaws Reported via HackerOne in 2020
2020-10-30 09:38

In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bugs went up 26% from last year, reaching $4.2 million.

The second most awarded vulnerability type in 2020, HackerOne says, is Improper Access Control, which saw a 134% increase in occurrence compared to 2019, with a total of $4 million paid by companies in bug bounty rewards.

With $3 million paid by organizations to mitigate them over the past year, Server-Side Request Forgery vulnerabilities ended up in fourth position.

In just one year, organizations paid $23.5 million via HackerOne to those who submitted valid reports for these 10 vulnerability types.

To date, the hacker-sourced platform has paid $107 million in bug bounties, with more than $44.75 million of these rewards being paid within a 12-month period, HackerOne announced in September 2020.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/OBMYpfUtpuI/bug-bounty-hunters-earned-over-4m-xss-flaws-reported-hackerone-2020