Bugcrowd sees 30 percent increase in web vulnerability submissions
Crowdsourced security platform Bugcrowd’s latest Vulnerability Trends Report finds that the hacker community recorded a 30 percent increase in web vulnerability submissions on the platform compared to 2022.
In addition, it recorded an 18 percent increase in API submissions, a 21 percent increase in Android submissions, and a 17 percent increase in iOS submissions.
The government sector experienced the fastest growth for crowdsourced security last year, witnessing a 151 percent increase in vulnerability submissions and a 58 percent increase in Priority 1 (P1) rewards for finding critical vulnerabilities. The financial services industry and government sector offered the highest median payouts for P1 vulnerability submissions. Additionally, the most successful programs were those that offered higher rewards (e.g., $10,000 or more for P1 vulnerabilities). Programs with open scopes received 10x more P1 vulnerabilities than those with limited scopes.
"This report offers critical context, insights, and opportunities for security leaders looking for new information to bolster their risk profiles," says Nick McKenzie, chief information security officer of Bugcrowd. "Looking ahead, we can use insights from this report in conjunction with other key learnings to predict what is coming next."
In the past year, enterprises have increasingly favored public crowdsourced programs over private ones, and the 10x gap between open-scope and limited-scope programs in P1 submissions points to how much scope matters. A scope is the defined set of targets that an organization lists as assets to be tested. An open-scope bug bounty program imposes no limitations on which of the organization's assets hackers may test.
The report also examines how different hacker roles contribute to crowdsourced security, and how crowdsourced security platforms can provide powerful warning systems to uncover vulnerabilities. You can read more and get the full report on the Bugcrowd blog.