Product reviews, deals and the latest tech news

This year, ethical hackers found 65,000 vulnerabilities in software

There are holes in security everywhere you look. Every new piece of hardware, software, or application programming interface (API) creates another potential vulnerability that hackers might use to get access to sensitive data. But these days, more and more businesses are hiring “ethical hackers” to help them monitor and prevent security breaches.

In fact, the number of software vulnerabilities found by ethical hackers in 2022 increased by 21% from 2021, as reported in HackerOne‘s newly released 2022 Hacker-Powered Security Report.

According to the data, digital transformation efforts increased the prevalence of misconfigurations by 150% and inappropriate permission by 45%.

The findings demonstrate, at a high level, the potential of ethical hacker groups to uncover vulnerabilities at scale and underline the fact that internal security teams cannot rely on manual methods of vulnerability management.

Effectively expanding ethical hacking for vulnerability management

66% of security leaders reported a backlog of over 100,000 vulnerabilities, and 54% said they are able to patch fewer than 50% of vulnerabilities in their backlog, indicating that enterprises are experiencing the burden of handling an increasing number of exploits.

Ethical hacking and bug reward suppliers like HackerOne are responding to the growing demand for a scalable way to handling vulnerabilities.

“Insights from the hacking community about their experience and expectations teach organizations how to run a best-in-class program that will attract the top hackers,” said HackerOne’s CISO and chief hacking officer, Chris Evans.

“HackerOne’s vulnerability data, sourced from our 3,000 customer programs, shows organizations which vulnerabilities their peers incentivize hackers to report. Customers continue to introduce risk during digital transformation projects. The report also shows that hackers are adept at identifying the vulnerabilities introduced so that our customers can fix them before they result in an incident,” Evans said.