image
Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its platform, Verizon Media, PayPal and Uber are in the elite group. “These top 10 programs are setting the standard for how transparency breeds trust in security in collaboration with a team of diverse hackers from across the globe,” HackerOne CTO and co-founder Alex Rice said in an emailed statement. “At HackerOne, Default to Disclosure is one of our values. And while this isn’t a mandate for our customers and hackers, it is something we encourage every customer to think about. By sharing where we’re vulnerable, other defenders can learn, friendly hackers can learn, and we’re all safer in the end.” Verizon Media tops the list with $9.4 million paid out since it started its program in 2014, with its top bounty coming in at $70,000. It saw surging success this year, with awards all the way up from $1.8 million in the life of its program. That’s only one of several notable changes from the 2019 rankings. Also new for 2020, PayPal outstripped Uber, taking on the No. 2 position and relegating the ride-share giant to third place. That said, PayPal follows as a distant second with Verizon Media in terms of bounty volume (though it’s had less time than Verizon Media to rack up payments). It has so far paid out $2.8 million with $30,000 as its…

Source