Hackers discover over 65,000 software flaws

HackerOne says that its community of ethical hackers has discovered over 65,000 software vulnerabilities in 2022, a 21% increase since 2021.

Tuesday, 13th December 2022, by Phil Alsop

Reports of vulnerability types introduced by digital transformation projects have grown significantly, with misconfigurations up 150% and improper authorization up 45%. Thirty-eight percent of hackers say the biggest challenge facing organizations is a lack of in-house skills and expertise while dealing with growing attack surfaces. Most hackers believe that security automation cannot replace human creativity, with 92% saying they can find vulnerabilities that scanners can’t.


Now in its 6th year, HackerOne’s 2022 Hacker-Powered Security Report combines insights from the hacking community, looking at hackers’ motivations and expertise, and trends from the world's largest dataset of vulnerabilities. The report reveals average bounty prices in different industries, the most impactful vulnerabilities that customers pay for, and how hackers report these vulnerabilities to organizations.


Other key findings include:

Hackers are motivated by learning, money, and the mission to build a safer internet. Seventy-nine percent of hackers say they hack to learn, more than those that say they’re in it for the money (72%). Forty-seven percent hack more than they did in 2021.

Hackers increasingly seek out the most mature programs to work with. Fifty percent of hackers are put off hacking on programs with poor communication and slow response times. Fifty percent of hackers also say they have not reported a vulnerability they found, with 42% saying this is due to a lack of a clear process to report it safely.

2022 saw a 45% increase in organizations investing in HackerOne programs, driven by a 400% increase in automotive programs, 156% in telecommunications, and 143% growth in cryptocurrency and blockchain.

Although average and median bounty prices across the industry have not risen dramatically in the past 12 months, cryptocurrency and blockchain programs saw the average payout increase by 315%, from $6,443 in 2021 to $26,728 in 2022.


“Insights from the hacking community about their experience and expectations teach organizations how to run a best-in-class program that will attract the top hackers,” said Chris Evans, HackerOne’s CISO and Chief Hacking Officer. “HackerOne’s vulnerability data, sourced from our 3,000 customer programs, shows organizations which vulnerabilities their peers incentivize hackers to report. Customers continue to introduce risk during digital transformation projects. The report also shows that hackers are adept at identifying the vulnerabilities introduced so that our customers can fix them before they result in an incident.”