The average bug bounty payout has jumped from $295 a little over a year ago to $451, as the automotive industry leads the way with an average payout of $1,514, according to Bugcrowd, a leading vulnerability disclosure platform provider.
Citing data gleaned from its service between April 2016 and March 2017, Bugcrowd noted in its third annual "State of Bug Bounty" report that vulnerability discoveries in hardware and IoT devices like routers, webcams and wearables have been most lucrative over the past year, with an average payout of $742. Mobile application vulnerabilities, meanwhile, had the lowest average payout at $385, with Android vulnerabilities generally worth more than iOS bugs.
Additionally, the report notes that the number of new programs launched from April 2016 to March 2017 was 77 percent higher than in was in the prior 12-month period. During this time, large enterprises of at least 500/5,000 employees became more active than ever before, more than tripling their number of bug bounty programs from the previous year.
Bugcrowd reported that the top five industries in terms of bug bounty adoption are computer software, Internet, IT and services, financial services/banking, and computer and network security. Combined, these groups currently compromise 68 percent of the company's programs.