Ethical hackers found even more vulnerabilities in 2022

News
By
published

Security vulnerabilities are increasing, ethical hacking platform claims

hacker one bb cropped
(Image credit: Tada Images / Shutterstock.com)

Software vulnerabilities have increased by 21% since 2021, with over 65,000 being discovered this year, according to a report from HackerOne.

The crowdsourced cybersecurity platform analyzed the vulnerabilities uncovered by its ethical hackers, finding vulnerabilities in digital transformation projects have grown significantly over the last year, with their associated misconfigurations increasing by two and half times and improper authorization protocols by nearly a half. 

In surveying over 5,000 hackers in their community, HackerOne also found that over a third of hackers thought that a lack of expertise was the biggest problem for companies’ security posture. 

What hackers think

What’s more worrying is that most of the hackers believed automated threat detection tools were not good enough, with 92% claiming that they can uncover vulnerabilities that such software overlooks in scans.

read more

> Bug bounties have made these hackers millionaires


> HackerOne employee stole bug reports and collected the bounties


> Ethical hackers no longer face prosecution in the US

The report also questioned the hackers on their motivations, with most (79%) saying they wanted to learn from their activities, and 72% were motivated by money. Nearly half hack more now than they did last year as well. 

Somewhat counterintuitively, they also tended to target higher quality programs, with half avoiding programs that have poor communication features and are slow in their response times. 

Half again did not report vulnerabilities that they found, with 42% claiming that the target in question did not have an adequate process to do so.

The average payouts to hackers for finding vulnerabilities - known as bounties - did not increase much on last year, however there was a marked increase of 315% in the average payout of bounties relating to cryptocurrency and blockchain programs, from $6,443 in 2021 to $26,728 in 2022.

“Customers continue to introduce risk during digital transformation projects,” HackerOne CISO Chris Evans commented. “The report also shows that hackers are adept at identifying the vulnerabilities introduced so that our customers can fix them before they result in an incident.”

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.