Ethical hackers found even more vulnerabilities in 2022
>
Software vulnerabilities have increased 21% since 2021, with more than 65,000 discoveries this year, according to a report from HackerOne.
The crowd-sourced cybersecurity platform analyzed the vulnerabilities exposed by its ethical hackers, and found that vulnerabilities in digital transformation projects have increased significantly over the past year, with associated misconfigurations increasing by two and a half and improper authorization protocols by nearly half.
When surveying more than 5,000 hackers in their community, HackerOne also found that more than a third of hackers believed a lack of expertise was the biggest problem for companies’ security posture.
What hackers think
More worryingly, most hackers thought automated threat-detection tools weren’t good enough: 92% claimed they can spot vulnerabilities that such software misses in scans.
The report also polled the hackers about their motivations, with most (79%) saying they wanted to learn from their activities, and 72% being motivated by money. Almost half are now hacking more than last year.
Somewhat counterintuitively, they also tended to target higher quality programs, with half avoiding programs with poor communication features and slow response times.
Again, half reported no vulnerabilities they found, with 42% claiming that the target in question did not have an adequate process in place to do so.
Average payouts to hackers for finding vulnerabilities – known as bounties – haven’t increased much from last year, but there was a marked 315% increase in the average payout of bounties related to cryptocurrency and blockchain programs, from $6,443 in 2021 to $26,728 in 2022.
“Customers continue to introduce risk during digital transformation projects,” noted HackerOne CISO Chris Evans. “The report also shows that hackers are adept at identifying the vulnerabilities introduced so that our customers can fix them before they lead to an incident.”