HackerOne: XSS Flaws Are Most Common Bugs
Bug bounty platform vendor HackerOne has released its 2017 Hacker-Powered Security report, which provides insight into the website security vulnerabilities identified through its services. Key findings include the following:
- 26 percent of reported issues are cross-site scripting (XSS) flaws, making this the most commonly reported type of bug.
- The average bug bounty payout is $1,923.
- Technology vendors pay the highest bug bounties, while education pays the least.
- Ecommerce and retail organizations fix reported bugs the fastest, while government agencies generally take the longest.