<Note: This is the second in a six-part series expanding on the “key findings” of the Hacker-Powered Security Report 2017. Based on data gathered from over 800 hacker-powered security programs, plus surveys of both those managing the programs and the participating hackers, the report provides striking new insights to help more organizations understand and implement hacker-powered security.>
With hacker-powered security, it’s critical to open and maintain a line of communication with the hackers who are working to find your vulnerabilities. It’s why vulnerability disclosure policies are becoming table stakes, and it’s what drives hackers to work with some companies and not others.
Hacker-Powered Security Report Key Finding #2: Customers security response efficiency is improving.
The Hacker-Powered Security Report found that the average time to first response for security issues was 6 days in 2017, compared to 7 days in 2016. That means it takes less than a week for hackers to get a response to a vulnerability they’ve reported.
Speed is an important factor in vulnerability discovery, disclosure, and remediation. On the discovery side, the report found that 77 percent of bug bounty programs find their first vulnerability within the initial 24 hours. That’s an impressive feat for any program, and it shows the speed and efficiency of hacker-powered security.
But getting a vulnerability report is just the beginning. Those bugs need to be acknowledged, researched, and ultimately fixed. Since hackers are external, it’s important to quickly recognize and respond to their reports. It’s the only way they know the true validity and value of the bugs they’ve discovered, and it’s the first step in creating a solid working relationship between hackers and organizations.
Speedy communications and remediation also helps attract more and better hackers. A fast response, clear communication throughout the process, and a fast resolution goes a long way to not only getting hackers paid, but keeping them informed during the journey.
Check back next week for our dive into the Hacker-Powered Security Report’s number three key finding: responsive programs attract top hackers!
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.