2022: Hackers discover over 65,000 software vulnerabilities


New Hacker-Powered Security Report from HackerOne: Digital transformation and cloud migration are fueling the rise in security vulnerabilities. Ethical hackers uncovered over 65,000 software vulnerabilities in 2022, a 21 percent increase from the previous year.

HackerOne, the security platform for Attack Resistance Management, today released its 2022 Hacker-Powered Security Report. The report shows that the HackerOne community of ethical hackers uncovered over 65,000 software vulnerabilities in 2022, a 21 percent increase from the previous year.

65,000 fewer vulnerabilities

Reports on vulnerabilities emerging in the course of digital transformation projects saw significant growth. In particular, incorrect configurations (150% growth) and invalid authorizations (45% growth) increased. 38 percent of hackers see the biggest challenge for companies as a lack of in-house skills and expertise to protect the growing attack surface. Most hackers are of the opinion that automation in the security environment cannot replace human creativity. For 92 percent of hackers it is clear that they can find vulnerabilities that scanners cannot find.

Hacker-Powered Security Report 2022

Now in its sixth year, HackerOne's 2022 Hacker-Powered Security Report includes insights from the hacker community, assessments of hacker motivation and expertise, and trends from the world's largest dataset of security vulnerabilities. The report also provides information on the average amounts of bug bounty awards in different industries, the top vulnerabilities that customers pay for, and the methods hackers use to report these vulnerabilities to companies.

Insights from the 2022 Hacker-Powered Security Report

  • Above all, hackers want to learn, make money and contribute to a safer Internet. 79 percent want to learn above all - this exceeds those who say it is about the money (72 percent). Forty-seven percent are hacking more than in 2021.
  • Hackers are increasingly looking for advanced platforms to work with companies. 50 percent of hackers shy away from collaborating on platforms with poor communication and slow response times. Likewise, 50 percent of hackers state that they have not reported a vulnerability they found. According to the hackers, in 42 percent of the cases this is due to the lack of a clear process for secure reporting.
  • In 2022, the number of companies investing in collaborations via the HackerOne platform grew by 45 percent. The increase was as high as 400 percent in the automotive industry, 156 percent in the telecommunications industry and 143 percent in the cryptocurrency and blockchain sector.
  • Across the industry as a whole, neither the average nor the median reward for finding a vulnerability has increased dramatically over the last 12 months. However, for cryptocurrency and blockchain programs, average payouts increased by 315 percent, from $6,443 in 2021 to $26,728 in 2022.

"Lessons learned from the hacking community about their experiences and expectations will teach companies how to build a program that attracts the best hackers," said Chris Evans, HackerOne's CISO and chief hacking officer. "HackerOne's vulnerability data, drawn from our 3,000 customer programs, also provides companies with an indication of which competitor vulnerabilities are commonly reported by hackers. It becomes clear that customers are often confronted with new weak points in the course of digital transformation projects. The report also shows that hackers are very adept at identifying these vulnerabilities."

More at HackerOne.com

 


About HackerOne

HackerOne closes the security gap between what companies own and what they can protect. HackerOne Attack Resistance Management combines the security expertise of ethical hackers with an inventory of assets and continuous evaluation and improvement of processes to find and close gaps in the ever-evolving digital attack surface.


 
