{"id":37433,"date":"2020-10-01T14:28:21","date_gmt":"2020-10-01T14:28:21","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31626\/New-Report-Suggests-That-Bug-Bounty-Business-Is-Recession-Proof.html"},"modified":"2020-10-01T14:28:21","modified_gmt":"2020-10-01T14:28:21","slug":"new-report-suggests-that-bug-bounty-business-is-recession-proof","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/","title":{"rendered":"New Report Suggests That Bug Bounty Business Is Recession-Proof"},"content":{"rendered":"<div class=\"wysiwyg\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-1024x612.jpg\" alt=\"Photo of Brian Gorenc Sr.\" class=\"wp-image-106884\" srcset=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-1024x612.jpg 1024w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-300x179.jpg 300w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-768x459.jpg 768w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-860x514.jpg 860w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-156x93.jpg 156w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-312x187.jpg 312w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617-640x383.jpg 640w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617.jpg 1251w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption>Brian Gorenc, senior director of vulnerability research and director of Trend Micro\u2019s&nbsp;ZDI&nbsp;program, says he\u2019s been observing increased bug bounty activity in 2020.<\/figcaption><\/figure>\n<p>A new report from HackerOne presents data suggesting that the bug bounty business might be recession-proof, citing increases in hacker registrations, monthly vulnerability disclosures and payouts in the midst of an economic downturn caused by the coronavirus pandemic.<\/p>\n<p>According to the annual <a href=\"https:\/\/www.hackerone.com\/resources\/reporting\/the-4th-hacker-powered-security-report\" target=\"_blank\" rel=\"noreferrer noopener\">Hacker-Powered Security Report<\/a>, new sign-ups on the HackerOne bug bounty platform during April, May and June 2020 represented a 69 percent jump over the same time period in 2019, and a 56 percent increase compared to January and February 2020.<\/p>\n<p>Also, during April through June, the monthly average of incoming vulnerability reports rose 28 percent over January and February and 24 percent over the same time period in 2019. And the number of bounty payouts also climbed by 29 percent compared to the first two months of the year.<\/p>\n<p>A particularly telling statistic might help explain the trend: 30 percent of 1,400 surveyed security leaders told HackerOne they are now more open to accepting vulnerability reports from third-party researchers as a way to compensate for budgetary and staffing challenges posed by COVID-19.<\/p>\n<p>This implies organizations during the ongoing COVID-19 crisis and global recession may find themselves relying more on external assistance from the greater hacking community as a way to augment their internal efforts to mitigate vulnerability risk. This, in turn, has opened up new opportunities for outside researchers.<\/p>\n<p>Some companies, like Zoom, have actually found themselves riddled with even more bug disclosures than normal because the pandemic \u201cmade them rapidly grow in popularity for both users and hackers,\u201d said Katie Moussouris, founder and CEO of Luta Security, a company that has helped companies \u2013 Zoom included \u2013 build organizational readiness for vulnerability disclosure.<\/p>\n<p>Brian Gorenc, senior director of vulnerability research and director of Trend Micro\u2019s&nbsp;<a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/lessons-from-15-years-of-bug-bounties\/\">Zero Day Initiative (ZDI)&nbsp;program<\/a>, told SC Media that he has similarly seen bug bounty activity trending upwards. In 2019, ZDI published 1,045 vulnerability advisories over the course of an entire year. This year, ZDI has already surpassed those numbers with 1,235.<\/p>\n<p>\u201cAnd it is not just from people familiar with&nbsp;ZDI. We\u2019re also seeing an increase in new participants to our program,\u201d said Gorenc. \u201cWe\u2019re on pace for our busiest year ever. There are plenty of opportunities for researchers \u2013 both new and experienced \u2013 to find and report bugs.\u201d<\/p>\n<p>And while there is still relatively high demand for security talent in the workforce, it worth noting that 30 percent of the security leaders surveyed by HackerOne this summer reported having to downsize their security teams as a result of the pandemic.<\/p>\n<p>With that in mind, security professionals and researchers who have lost their corporate jobs during these economic hard times perhaps might consider bug&nbsp;bounty&nbsp;hunting as a potential source of income to support themselves until the right opportunity comes along again.<\/p>\n<p>For that matter, Gorenc said even full-time security researchers who are still gainfully employees may be getting in on the action, because work-from-home conditions \u201cafford them extra time and opportunity for finding and reporting bugs. Even if their primary source of income hasn\u2019t been impacted, the extra income is always welcome.\u201d<\/p>\n<p><strong>Bug hunters see opportunity<\/strong><\/p>\n<p>HackerOne connected SC Media with a pair of independent bug bounty hunters who also affirmed that opportunities continue to abound.<\/p>\n<p>Jon Colston, a prolific vulnerability researcher who has accumulated over $1 million in bug bounties via HackerOne, said his past work in the consumer finance industry was actually far more unpredictable, due to a host of external factors such as \u201cregulation, seasonal demand, economic conditions and liquidity markets.\u201d<\/p>\n<p>In his old industry, if one of those variables changed, \u201cso followed staffing. It was one big math equation where a headline in the papers would indicate how the next six months likely played out,\u201d said Colston, who uses the hacker handle \u201cMayonaise\u201d and has discovered more than 170 vulnerabilities in enterprise and government organizations.<\/p>\n<p>By comparison, \u201cthe cybersecurity industry appears to be much less volatile,\u201d Colston said. \u201cAt the start of the pandemic, I was concerned businesses would retreat to a defensive position, protecting employees by eliminating budget for all contract positions and VDP programs. Surprisingly, I witnessed the opposite. Companies shifted payouts to incentivize researchers to focus on bugs with higher impact, a move that mirrored the increasing threat from bad actors taking advantage of the lockdown.\u201d<\/p>\n<p>Hacker Tanner Emek, who uses the handle @cache-money and has reported 374 bugs via HackerOne over his lifetime, noticed that in the beginning of the pandemic, a handful of programs diminished certain bounty payouts. But they \u201conly did so for low and medium severity bugs, and either left high and critical payouts the same, or even increased them,\u201d he said.<\/p>\n<p>Overall, however, \u201cThe vast majority of programs left their bounty tables untouched and continued normal operations while still having occasional bonuses,\u201d Emek continued. \u201cI think the reaction to this reflects on how important companies see security today. They realize security is not the place to be cutting costs, since that can end up doing far more damage in the long-term.\u201d<\/p>\n<p>\u201cI\u2019ve seen many new hackers getting involved recently. With so many companies to hack, there\u2019s no shortage of bugs to be found,\u201d Emek added. One advantage to bug bounty is that they are accessible to everyone, not only security professionals. With the free educational resources out there, Emek predicts a lot of new hackers from non-traditional backgrounds dipping their toe into the field.<\/p>\n<p>Still, experts point out that it\u2019s not easy to make a living bug hunting.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-large\"><img decoding=\"async\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495.jpg\" alt class=\"wp-image-63435\" srcset=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495.jpg 200w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-150x150.jpg 150w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-156x156.jpg 156w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-32x32.jpg 32w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-50x50.jpg 50w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-64x64.jpg 64w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-96x96.jpg 96w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2018\/07\/0716-f-qa-katie-moussouris-2_997494_997495-128x128.jpg 128w\" sizes=\"(max-width: 200px) 100vw, 200px\"><figcaption>Katie Moussouris, Luta Security.<\/figcaption><\/figure>\n<\/div>\n<p>\u201cThe vast majority of bug bounty hunters in Western countries cannot make a decent income,\u201d said Moussouris. HackerOne\u2019s own data year-over-year demonstrates this point, she noted: Out of more than 830,000 registered hackers, only about 9,000 earned something on HackerOne. \u201cAlso, the majority of the bug bounty programs on HackerOne are private, so most hackers won\u2019t even be invited to attempt to earn money from those programs.\u201d<\/p>\n<p>Gorenc was a little more hopeful: \u201cIt is possible to be a full-time bug hunter, but it\u2019s rare,\u201d he said. \u201cIt takes a lot of time and dedication to go along with a broad skillset and, most importantly, the proper mindset to make a living on bug hunting alone. Most people who report to bug bounty programs consider it more of a side hustle.\u201d<\/p>\n<p>Moussouris, who helped the U.S. Department of Defense launch the government\u2019s first bug bounty program, \u201cHack the Pentagon,\u201d also has a warning for organizations: Bug bounty programs should never be treated as a total replacement for in-house security expertise, even with the recession forcing various budget and staffing cuts.<\/p>\n<p>\u201cWe\u2019re seeing that the bug bounty programs and VDPs [vulnerability disclosure programs] holding up the best during the pandemic are the ones that invested more internally on&nbsp;security&nbsp;people, process, and technology,\u201d she remarked. \u201cNow more than ever, bug bounties should be complementary to your other&nbsp;security due diligence, never a replacement.<\/p>\n<p>\u201cAs a former penetration tester, and creator of many of the world\u2019s first and largest bug bounty programs\u2026 I can say that no amount of money thrown at a bug bounty program or penetration test will ever be more efficient than building&nbsp;security&nbsp;in from the ground up.\u201d<\/p>\n<\/p><\/div>\n<section class=\"post-tags\">\n<h2>Topics:<\/h2>\n<p> <a href=\"https:\/\/www.scmagazine.com\/tag\/network-security\/\" class=\"button -secondary\">Network Security<\/a> <a href=\"https:\/\/www.scmagazine.com\/tag\/research\/\" class=\"button -secondary\">Research<\/a> <a href=\"https:\/\/www.scmagazine.com\/tag\/vulnerabilities\/\" class=\"button -secondary\">Vulnerabilities<\/a> <\/section>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31626\/New-Report-Suggests-That-Bug-Bounty-Business-Is-Recession-Proof.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37434,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[256],"class_list":["post-37433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-01T14:28:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"612\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Report Suggests That Bug Bounty Business Is Recession-Proof\",\"datePublished\":\"2020-10-01T14:28:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\"},\"wordCount\":1239,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg\",\"keywords\":[\"headline,hacker,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\",\"name\":\"New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg\",\"datePublished\":\"2020-10-01T14:28:21+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg\",\"width\":1024,\"height\":612},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Report Suggests That Bug Bounty Business Is Recession-Proof\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/","og_locale":"en_US","og_type":"article","og_title":"New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-01T14:28:21+00:00","og_image":[{"width":1024,"height":612,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Report Suggests That Bug Bounty Business Is Recession-Proof","datePublished":"2020-10-01T14:28:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/"},"wordCount":1239,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg","keywords":["headline,hacker,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/","url":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/","name":"New Report Suggests That Bug Bounty Business Is Recession-Proof 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg","datePublished":"2020-10-01T14:28:21+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/new-report-suggests-that-bug-bounty-business-is-recession-proof.jpg","width":1024,"height":612},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-report-suggests-that-bug-bounty-business-is-recession-proof\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/"},{"@type":"ListItem","position":3,"name":"New Report Suggests That Bug Bounty Business Is Recession-Proof"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37433"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37433\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37434"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}