Software industry turns to crowdsourced security during the pandemic
Among the many things that changed in 2020, it has proved to be a record year for crowdsourced cybersecurity adoption, according to Bugcrowd.
Enterprises across all industries have been implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape. Bugcrowd has seen a 50 percent increase in submissions on its platform in the last 12 months, including a 65 percent increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.
Vulnerability submissions were up 24 percent in the first ten months of 2020 compared to all of 2019. Across the board, computer software companies have paid out almost five times as much as any other industry for submissions. Most notably, P1 submissions in the software industry nearly tripled in 2020.
"Our Priority One report findings clearly show that leading organizations across all sectors are embracing crowdsourced security as a core element of their security strategy," says Ashish Gupta, CEO of Bugcrowd. "Comparing data from the last two years, we see that crowdsourced cybersecurity is growing rapidly as a result of rapid digital transformation and increased threats caused by the COVID-19 pandemic. Vulnerability submissions are up, with higher numbers of critical vulnerabilities, and total payouts are growing steadily by about 15-20 percent per quarter."
Eight of the top 10 bugs submitted in 2020 -- as rated by Bugcrowd's Vulnerability Rating Taxonomy (VRT), a widely used, open-source standard that offers a baseline risk rating for each vulnerability submitted via Bugcrowd's platform -- were also featured on the 2019 list. This shows that managing known risks is still a challenge for most enterprises.
Interestingly, API and IoT vulnerabilities doubled, while those found in Android targets more than tripled. This suggests that the heavy focus on remote work, and the subsequent growth in IoT device adoption in 2020, have made IoT devices more attractive targets for cybercriminals.
The most submitted vulnerabilities come from broken access controls, while the second-highest number of vulnerabilities are related to cross-site scripting (XSS). Both classes of vulnerability are driven by human error, and XSS in particular can often be prevented through the correct use of code frameworks that have XSS prevention built in. This underscores the fact that human error is a major source of security risk.
You can find the full report on the Bugcrowd site.