Ethical white hats find one software vulnerability every 2.5 minutes according to a study


Editor’s brief: In the computing world, there are coders, and there are cybersecurity folks. The lines are increasingly blurring, and a coder must increasingly learn new cybersecurity skills (although not vice versa). This is because finished software these days is on a compressed clock to market, and such demanding schedules mean that software tends to be a mish-mash of code from many sources (typically open source as well as custom code), strung together and given a front-end, the user interface. When different software components are strung together, errors and vulnerabilities invariably creep in. A recent study by the white-hat (ethical hacking) company HackerOne showed that ethical hackers find a software vulnerability every 2.5 minutes. This is a worrying thought concerning the software and apps we use every day. The vendor’s news release is below.

Ethical hackers find a software vulnerability every 2.5 minutes

Research by HackerOne reveals more businesses are turning to ethical hackers to find gaps in cyber defences amid growing COVID-19 cyberthreats and stretched IT teams

SINGAPORE, @mcgallen #microwireinfo, September 23, 2020 – Research by HackerOne, the world’s most trusted hacker-powered security platform, has revealed that ethical hackers are finding over twice as many vulnerabilities in software in 2020 as they were in 2019. Hackers have helped find and resolve over 180,000 vulnerabilities on the HackerOne platform, with one third of those being reported in the past year alone as more and more businesses turn to hackers to help secure their systems.

Driven by the pandemic, over a third of businesses (36%) have expedited digital initiatives to support remote working. Digitisation of assets and the speed of development is creating new vulnerabilities. 30% of organisations confirmed they experienced an increase in attacks due to the pandemic, and hackers reported 28% more software vulnerabilities per month during the pandemic than before it.

The research also revealed that IT and security teams are more concerned about the impact of attacks, with 64% believing organisations were under more threat during the pandemic. At the same time, 30% of in-house security teams were reduced and a quarter had budget cuts since March.

“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.”

Additional key findings in the report included:

  1. More than US$44.75 million in bounties were awarded to hackers across the globe over the past year, driving the total bounties past US$100 million. That’s a year-over-year increase of 86% in total bounties paid.
  2. The potential earning power of a hacking career is above today’s global average IT salary of US$89,732. In 2019, more than 50 hackers earned over US$100,000 (£77,000) from bug bounties.
  3. There are now over 830,000 hackers registered on the HackerOne Community. They’ve earned more than US$100 million through reports on 565,000+ vulnerabilities.
  4. 9 individual hackers from 7 different countries have now earned over US$1 million on the HackerOne platform.
  5. Through Hack for Good, a feature that enables hackers to automatically donate bounty earnings to a chosen charity, hackers donated more than US$30,000 to The World Health Organisation (WHO) COVID-19 Solidarity Response Fund, Hack For Good’s first recipient.
  6. The average bounty paid for critical vulnerabilities increased to US$3,650 in the past year; an 8% year-over-year increase. To date, US$100,000 remains the largest individual bounty earned for a critical vulnerability on HackerOne.
  7. Industries with a year-over-year increase in total programs of 200% or greater included Computer Hardware (250%), Consumer Goods (243%), Education (200%), and Healthcare (200%).

Mickos continues: “We’ve all become hackers during the pandemic – questioning status quo, testing new ways of working, overcoming limitations. Our reports show that since the start of the pandemic, 30% of businesses have been more open to accepting security help from hackers. With hackers delivering concrete results at an affordable cost, even the most traditional industries are ready to give hacker-powered security a try.”

The full report is available at https://www.hackerone.com/hacker-powered-security-report

About HackerOne

HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organisations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organisations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Qualcomm, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.

###