© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Ethical hackers found 20% more vulnerabilities in 2021


According to a new report by HackerOne, ethical hackers reported over 66,000 software vulnerabilities to organizations in 2021, up by 20% from 2020.

Each year, HackerOne publishes the Hacker-Powered Security Report on the latest insights from the world’s largest database of vulnerabilities. Its latest edition reveals an optimistic trend of increasing organizational cybersecurity awareness, as many more organizations appear to have prioritized vulnerability management in the past 12 months.

According to the report, more than 66,000 valid vulnerabilities were detected by ethical hackers in 2021, with a 264% YoY increase in bugs discovered via penetration tests. At the same time, 47% more security flaws were detected through Vulnerability Disclosure Programs.

In addition to the positive trend of increased organizational awareness, HackerOne points to the expansion of attack surfaces caused by digital transformation and cloud migration as another likely reason for the noticeable surge in vulnerabilities.

The Hacker-Powered Security Report also includes the top ten vulnerabilities detected on the platform, with cross-site scripting as the top vulnerability in 2021. With a 58% YoY increase, information disclosure runs a close second, while improper access control rounds out the top three.

[Figure: HackerOne top 10 vulnerabilities 2021. Image source: HackerOne]

The report also found that business logic errors saw the most significant increase in reports, up 67% from 2020.

Rising rewards for bug bounties

When it comes to bug bounty rewards, the median price of a critical bug rose 20% from $2,500 in 2020 to $3,000 in 2021. Meanwhile, the average bounty price paid by organizations to ethical hackers for a newfound critical bug rose by 13%, and by 30% for a high severity flaw.

“Even the most conservative organizations are recognizing the power of the outsider point of view,” said Chris Evans, the CISO and Chief Hacking Officer of HackerOne.

“Across the board, we’re seeing customers using vulnerability report data to inform their software development lifecycles. Organizations are catching issues earlier, and remediating them, at greatly reduced cost by focusing on improvements to developer education, source code integrations, and development frameworks.”

