Crowdsourced security prevails: YesWeHack bug bounty platform continues on the road to success. In 2021, the platform more than doubled its annual sales worldwide. The YesWeHack community of ethical hackers has grown by 75 percent globally, with over 35,000 ethical hackers now active on the platform.
The past 12 months marked another record year for vulnerabilities. In 2021, YesWeHack saw twice the number of vulnerabilities identified by its hackers compared to the previous year. 35 percent of these were classified as "critical" or "high". This means that many enterprise systems and applications would have been seriously compromised if the vulnerabilities had not been found and fixed.
2021: a record year for vulnerabilities
The increasing number and impact of vulnerabilities discovered in 2021 - such as SolarWinds and Log4J - have prompted companies to invest more and more in crowdsourced security. In 2021, the online aggregator FireBounty.com, launched by YesWeHack, counted a total of 24,000 published Vulnerability Disclosure Policies (VDP), i.e. guidelines on how vulnerabilities should be found and reported by ethical hackers. In terms of the type of vulnerabilities discovered, implementation and design errors (secure design, access control) are the most common for the second year in a row. This trend can be explained in particular by the increasing complexity of the applications used.
Bug Bounty Platform: Rewards for hackers are increasing
The total amount of rewards paid out to hackers also increased by 140 percent in 2021 compared to the previous year. The highest payout in the last year was 40,000 euros. With 230,000 euros, the YesWeHack community was also offered the highest reward to date last year - in the public bug bounty program of Swiss Post.
One of the reasons why YesWeHack is becoming more and more popular with ethical hackers and customers is the continuous commitment to smooth operation as well as high quality of the programs. For example, in 2021, 78 percent of discovered vulnerabilities were rewarded within 24 hours of acceptance, 89 percent within 28 days of submission. 60 percent of the vulnerabilities were fixed within a month.
More at YesWeHack.com
About YesWeHack
YesWeHack is Europe's leading bug bounty and VDP platform. The platform brings together companies looking to close security gaps in their digital infrastructure with over 35,000 ethical hackers, dubbed “Hunters”. The hunters follow the customer's rules and are paid based on results. In addition to the bug bounty platform, YesWeHack offers support in creating a Vulnerability Disclosure Policy (VDP) and a job exchange for IT security experts. Dojo, a learning platform for ethical hackers, and a training platform for educational institutions (YesWeHackEDU) are also part of the portfolio. YesWeHack is trusted by companies and organizations such as Deezer, BlaBlaCar, Paris Airport and the French Ministry of Defense. YesWeHack was founded in France in 2015. Head office is in Paris.