Crowdsourced security has seen a boom this year as Bugcrowd saw a 50% increase in submissions on its platform in the last 12 months, according to its latest Priority One report.
Bugcrowd provides a platform for ethical hackers around the world to help organizations maximize their security.
The study revealed a 65% increase from the previous year in the discovery of high-risk vulnerabilities, including P1 vulnerabilities, which cause a privilege escalation on the platform from unprivileged to admin, or allow remote code execution and financial theft.
Also, vulnerability submissions to Bugcrowd were up 24% in the first ten months of 2020, compared to all of 2019, and software companies paid out almost five times as much as any other industry for submissions. More broadly, this year saw increasingly complicated security attacks, according to Microsoft in a blog post.
“Our Priority One report findings clearly show that leading organizations across all sectors are embracing crowdsourced security as a core element of their security strategy,” said Ashish Gupta, the CEO of Bugcrowd. “Comparing data from the last two years, we see that crowdsourced cybersecurity is growing rapidly as a result of rapid digital transformation and increased threats caused by the COVID-19 pandemic. Vulnerability submissions are up, with higher numbers of critical vulnerabilities, and total payouts are growing steadily by about 15-20% per quarter.”
The report also found that eight out of the top ten bugs submitted in 2020 were the same as in 2019, signaling that managing known risk is still a major challenge for enterprises. Vulnerabilities in APIs and IoT doubled, and those found in Android targets more than tripled.
The most common culprit among submitted vulnerabilities in 2020 was broken access controls, followed by cross-site scripting (XSS). This underscores the fact that human error is a major source of security risk.
“The speed of discovery across the board demonstrates the tremendous value crowdsourced security can add to security teams and companies looking to fast-track digital transformation efforts and bring new infrastructure online,” added Gupta. “This speed is replicated by adversaries too, which places even more of a premium on having a crowdsourced security platform that allows a company to tap into the expertise and agility of the Crowd to keep their organizations safe.”
The full Priority One Report 2021 Edition is available here.