Software vulnerabilities increased 20% in 2021

Clearly no system is perfect or immune to being compromised; no matter how secure it claims to be, there will always be some way to get in. A rather crude example is the method designed last year in which it was possible to capture information from a computer disconnected from the network, simply through the sound emitted by its fans.

As was discussed recently, the annual report "Hacker-Powered Security: Industry Insights" from HackerOne shows that ethical hackers identified more than 66,000 valid vulnerabilities last year.

For those unfamiliar with HackerOne, it is a global collaborative security platform, and it has revealed that ethical hackers reported more than 66,000 valid vulnerabilities this year, 20% more than in 2020.

Collaborative security is a growing practice, sustained in particular by a very significant increase in pentest campaigns (+264%). The pandemic has accelerated digital transformation and migration to the cloud, exposing organizations to more vulnerabilities as attack surfaces expand and services continue to be outsourced.

The annual industry insights report draws on the largest bug bounty and vulnerability program database in the world. It tells us this year that the number of bounties paid to hackers for detecting critical vulnerabilities is on the rise, with organizations prioritizing the bugs with the highest impact.

Businesses are also faster than ever at triaging and remediating vulnerabilities, as these issues are becoming major business problems.

Finally, the report reveals the 10 most reported vulnerability types, giving an understanding of how to prioritize remediation efforts and which vulnerabilities are the most valuable.

Chris Evans, CISO and recently appointed Director of Hacking at HackerOne comments:

“Today, even the most conservative organizations recognize the added value of the outside perspective that ethical hackers bring. For example, we are seeing strong growth in collaborative security practices among financial players. Measuring and quantifying risk is their core business, and they realize that risk is lower when working with hackers. Our clients rely on vulnerability reporting data throughout their software development cycles. Therefore, they can detect faults earlier and fix them economically.”

Here are some key findings from the report:

Collaborative security continues to grow, with a 34% increase in the number of security programs involving ethical hackers in 2021.

All industries are part of this trend, including the most critical, traditionally conservative industries.

In the financial sector in particular, collaborative security programs increased by 62%. In the public sector, these practices increased by 89%, driven by flagship institutions such as the UK Ministry of Defence and the GovTech agency in Singapore.

Hackers reported 20% more vulnerabilities than in 2020. While traditional bug bounty programs grew by 10%, vulnerability disclosure programs (VDPs) grew by 47% and penetration test (pentest) reports increased by 264%.

The average bounty for finding a critical vulnerability increased by 20%, from $2,500 to $3,000 in 2021. The average bounty amount increased by 13% for a critical vulnerability and by 30% for a very critical vulnerability.

Over the last year, mean resolution time decreased by 19%, from 33 days to 26.7 days, and some sectors such as retail and e-commerce saw resolution times drop by more than 50%.

The most reported bug on HackerOne is still Cross-Site Scripting. However, other bug types have seen significant increases since 2020: information disclosure reports rose by 58% and business logic errors rose by 67%, earning them a place in the Top 10 for the first time.

Finally, if you are interested in learning more, you can check the details at the following link.

