A Bountiful Year: Top Bugs and Hacktivity Highlights in 2016
Hacktivity proudly showcases the achievements of our hackers and the community, culture, and collaboration we create through the act of hacking.
It was a wild ride for Hacktivity in 2016:
Let’s reflect on some of the major trends and patterns in our hacker community as seen through the eyes of Hacktivity.
The top awards are not short on creativity, collaboration, and good ol’ fashioned hard work. The highest-voted vulnerability report described how an attacker could exploit a vulnerable deserialization function in PHP leading to remote shell on a production server.
This report from japzdivino claims the highest payout from HackerOne’s very own bug bounty program, not just in 2016 but of all time: $12,500.
Since their public launch not long ago, Uber has quickly climbed to be one of the most successful bug bounty programs and community favorites. They couldn’t have done it without amazing hackers, among which is the reporter of this great find, mongo.
What the HackerOne community accomplishes is truly a team effort, and this report exemplifies it perfectly: creative bug hunt, mind-blowingly fast response, competitive reward, happy hacker, and safer program.
Awarded $10,000, this is the second-highest payout from our bug bounty program. Rockstar hacker Faisal Ahm reported the flaw within 24 hours of the release of the feature that contained it. And what’s more impressive? The issue was resolved within an hour of the report being filed (huge shoutout to our security team members!)
LocalTapiola was considered a dark horse compared with some of the ‘usual suspects’, but they proved themselves to be quite generous with critical issues found by sharp eyes, such as those of Teemu Kääriäinen. They’re also the proud owners of the highest posted bounty award of $50K – perhaps we’ll be hearing more from this program in the 2017 Hacktivity recap!
Pornhub’s whopping $20,000 to static was eye-catching, but it’s part of a bigger trend of public programs that aren’t shy about paying more for well-deserved efforts and to attract top-ranked hackers. This is the story we’ll keep coming back to and tell our friends around the proverbial campfire.
Not surprisingly, all of these programs are in the 90th percentile of what we deem “Reward Competitiveness” in our Hacker Success Index measurements. Basically, they incentivize hackers to hack their programs – and hack again and again, because they’ll be rewarded for it!
5. Shopify | https://hackerone.com/shopify
4. Twitter | https://hackerone.com/twitter
3. Pornhub | https://hackerone.com/pornhub
2. HackerOne | https://hackerone.com/security
1. Uber | https://hackerone.com/uber
These hackers stood above the rest in 2016, boasting one of the most coveted things of all: recognition from their peers. Hail the top hackers!
5. japzdivino | https://hackerone.com/japzdivino
4. jobert | https://hackerone.com/jobert
3. static | https://hackerone.com/static
2. fransrosen | https://hackerone.com/fransrosen
1. bobrov | https://hackerone.com/bobrov
What a year it was, but 2017’s got a lot of great things in store! We would love to hear from you about what you’d like to see in Hacktivity. Feel free to send suggestions to firstname.lastname@example.org.
Join us as we raise a glass to lots of Hacktivity in 2017!
Cheers, Pei & Luke
PS: We also tabulated the top bugs based on payouts last year – A look at the top HackerOne bug bounties of 2016.