Ethical Hackers Discovered Tens Of Thousands Of Vulnerabilities In 2022, Report Claims
Modern amenities come with modern problems. Every new Internet of Things doorbell, connected vehicle, or online service introduces possible attack vectors for hackers with malicious intent. One small vulnerability in an otherwise secure network can lead to all sorts of problems for user data, corporate secrets, and even the integrity of an online service. With software and online security finally getting more public attention, and data breaches becoming ever more high-profile, corporations are growing more concerned about potential vulnerabilities and turning to ethical hackers and bug bounties to help tighten things up.
There are a few different ways organizations and ethical hackers can work together to identify vulnerabilities, with two popular options being bug bounties and security management and auditing via a cyber-security company. Some of the biggest players in the tech industry run open bug bounties, where independent ethical hackers get paid to identify and document a vulnerability and submit it to the security team. Apple famously paid out $20 million via its Apple Security Bounty program in the two and a half years since its launch. Microsoft reportedly pays out over $13 million per year in bug bounties, and Sony has a bug bounty program for PlayStation managed by HackerOne. HackerOne is an attack resistance management organization that works with companies including PayPal, Nintendo, and GM to help investigate and mitigate attack vectors. On December 12, 2022, HackerOne published The 2022 Hacker-Powered Security Report, which revealed some alarming statistics and trends.
A 21% increase in software vulnerabilities
According to the HackerOne report, the organization and its online community of hackers uncovered over 65,000 new software vulnerabilities in 2022, which represents an increase of 21% over 2021. The organization reports that many of these new vulnerabilities come from digital transformation projects, where corporations are shifting to a more digital-first or work-from-home structure.
The hacking organization's 45% uptick in investment from customers shows that companies are realizing the importance of cyber-security. HackerOne attributes the increase in investment to a fourfold increase in automotive programs as well as a massive leap in both telecommunications and blockchain growth. While most industries saw increased investment in ethical hacking, computer hardware and peripherals, consumer goods, and travel and hospitality saw decreased investment.
The report also states that companies have paid out around $230 million through HackerOne bounty programs, and surveys of its hackers reveal that 65% of the hackers on the platform choose their targets based on the bounty on offer, while 46% will refuse a target based on the bounty. This suggests that if companies are serious about bug bounty programs, they need to put real money into the bounties before hackers are willing to investigate their systems. According to the report, half the hackers in the program have found a vulnerability and declined to report it, either because no bounty was offered for doing so, or because of potential legal liability related to hacking a site.