HackerOne said Monday its average dollar payouts to participants are up, and cross site scripting vulnerabilities cause the biggest headaches for companies. The bug bounty platform provider culled data from the past four years, analyzing 50,000 reported bugs and more than $17 million in payouts to white hat hackers, and published it yesterday in its 2017 Hacker-Powered Security report.