Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, has recently presented its annual "Inside the Platform: Bugcrowd's Vulnerability Trends Report". The report outlines key vulnerability submissions appearing nowadays as reported by hackers worldwide. Further, it plenty evidences growing acceptance and awareness of public crowdsourced programs due to a more strategically approach towards security.
In 2023, the government industry experienced the highest growth in crowdsourced security. Compared to the previous year, vulnerability submissions have grown by a staggering 151%, and 58% in Priority 1 (termed P1) rewards for discovering critical vulnerabilities. Other sectors such as retail, corporate services, and computer software also saw significant growth, showing increases of 34%, 20%, and 12% in submissions respectively.
The hacker community has recorded a 30% increase in Web submissions on the Bugcrowd platform compared to 2022, alongside increases of 18% in API submissions, 21% in Android submissions, and 17% in iOS submissions. Nick McKenzie, Chief Information & Security Officer of Bugcrowd, stated: "This report offers critical context, insights, and opportunities for security leaders looking for new information to bolster their risk profiles. Looking ahead, we can use insights from this report in conjunction with other key learnings to predict what is coming next."
McKenzie anticipates that in 2024, threat actors will exploit adversarial AI to expedite enterprise attacks - creating a higher volume of alerts for defenders, but not necessarily smarter attacks. He predicts that gaining quality insights, coverage and continuous assurance in supply chain security, third-party risk, and inventory management processes will become increasingly important areas for security leaders. Additionally, the human risk factor is also likely to become more menacing, rooted in the actions of rogue insiders and misguided employees who fall prey to social engineering attacks or bypass internal controls, whether intentionally or unintentionally.
Bugcrowd links organisations with trusted hackers to proactively defend their assets against sophisticated threats. The platform uses the collective creativity of the hacking community to uncover and mitigate risks across applications, systems, and infrastructure. The crowdsourced solutions include penetration testing as a service, managed bug bounties, and vulnerability disclosure programs (VDPs).
The report reveals that the most successful programs on the platform are those that offer the highest rewards to hackers, usually $10,000 or more for finding a P1 vulnerability. The sectors with the highest payouts for P1 vulnerability submissions are the financial services and government sectors. Additionally, organisations have shown a preference for public crowdsourced programs over private ones this past year. Programs with open scopes received 10X more P1 vulnerabilities than those with limited scopes.
The "Inside the Platform: Bugcrowd's Vulnerability Trends Report" also examines how different hacker roles contribute to crowdsourced security, and how crowdsourced security platforms can provide potent warning systems to uncover vulnerabilities. Other key aspects discussed in the report include the changing landscape for reward ranges, the five most commonly reported vulnerability types, and customer case studies spotlighting Rapyd and ClickHouse.