Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security is finding more and more fans


Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. In retail, filings increased 34 percent.

Bugcrowd has published its annual “Inside the Platform: Bugcrowd's Vulnerability Trends Report”. The report details the types of vulnerabilities that global hackers say are currently on the rise. It also documents the continued increase in the use of public crowdsourced programs due to growing awareness and acceptance of crowdsourced security strategies.

Crowdsourced security has grown rapidly in the public sector

The public sector (government) saw the fastest growth for crowdsourced security in 2023 compared to 2022, with a 151% increase in vulnerability submissions and a 58% increase in Priority 1 (or P1) rewards for discovering critical vulnerabilities. Other industries with sharp increases in filings included retail (+34%), business services (+20%) and computer software (+12%).

Last year, the hacker community saw a 2022% increase in web submissions created on the Bugcrowd platform, a 30% increase in API submissions, an 18% increase in Android submissions, and a 21% increase compared to 17-percent increase in iOS submissions.

“This report provides important context, insight and opportunities for security leaders looking for new information to inform their risk profiles,” said Nick McKenzie, Bugcrowd’s Chief Information and Security Officer. “Looking forward, we can use the insights from this report in conjunction with other key insights to predict what comes next.”

Crowdsourcing can support smaller businesses

McKenzie predicts that in 2024, threat actors will use AI to accelerate attacks on organizations - meaning more effort for defenders, but not necessarily smarter attacks. With ongoing attacks in this space, it is becoming increasingly important for security leaders to gain high-quality insights and continually review supply chain security, third-party risk, and inventory management processes.

The “human risk factor” will also become more dangerous. This is driven by the actions of malicious insiders and misguided employees who fall victim to social engineering attacks or circumvent internal controls (intentionally or unintentionally). Operationally, to address the “cyber talent gap” and help their security teams “scale”, companies will certainly and more broadly employ crowdsourcing of human intelligence to continually adapt to unique or previously unidentified vulnerabilities, because smaller, less diverse, budget- or talent-constrained teams cannot afford this.

Financial rewards for finding vulnerabilities

The Bugcrowd platform connects companies with trusted hackers to proactively defend their assets against advanced threats. This enables companies to leverage the collective ingenuity of the hacker community to better uncover and mitigate risks in applications, systems and infrastructure.

Crowdsourced solutions include penetration testing as a service, managed bug bounties, and vulnerability disclosure programs (VDPs). Not surprisingly, the report confirms that the most successful programs on the platform offer the highest rewards for hackers - typically $10,000 or more for finding a P1 vulnerability. The highest rewards for reporting P1 vulnerabilities are paid in the financial services and government sectors.

Crowdsourced security programs find 10x more critical vulnerabilities

Over the past year, companies have also increasingly favored public crowdsourcing programs over private programs, while open-scope programs received ten times more P1 vulnerabilities than those with limited scope. A scope is the defined set of targets listed by an organization as assets to be tested. An open-scope bug bounty program does not limit what hackers can or cannot test among the organization's assets.

The report also examines how different hacker roles contribute to crowdsourced security and how crowdsourced security platforms can provide powerful alert systems to uncover vulnerabilities. Several sections help capture the spirit of the crowdsourcing community, including sections on the changing landscape for reward areas, the 5 most commonly reported vulnerability types, and customer case studies highlighting Rapyd and ClickHouse.

About Bugcrowd

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, combines data- and ML-driven crowd-matching with decades of application experience to focus the right human creativity on the right problem at the right time. Trusted by companies around the world, the Bugcrowd Security Knowledge Platform™ makes it possible to find hidden vulnerabilities throughout their attack surface before they can be exploited, leveraging the knowledge of world-class ethical hackers. Bugcrowd is based in San Francisco and is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners.
