Bug Bounty & Crowd-Sourced Cyber Security

Uploaded on 2021-02-05 in TECHNOLOGY--Hackers, FREE TO VIEW

The technology sector was the first market to adopt the crowd-sourced security model and continues to be the most important user in the market, followed by the finance and insurance sectors. The Coronavirus pandemic has dramatically accelerated the growth of crowd-sourcing in other sectors and to cope with the crisis, many organisations are reinventing  their operating models by digitising their activities. 

Given the growing importance of cyber security in the economic survival of companies, an increasing number of Chief Information Security Officers (CISOs) are turning to Bug Bounty programs and buying the services offered by ethical hackers

YesWeHack one of Europe's leading bug bounty platform, has announced exponential growth in Europe, with turnover growing by 100% in 2020.  During the same period, the number of completed bug bounty programs increased by 120% and the volume of identified vulnerabilities more than doubled.

In terms of the types of vulnerabilities detected, YesWeHack notes that the evolution of technologies has led to a slight but constant increase in vulnerabilities. 

These result from poor implementation or design flaws and access control that reduce the number of technical vulnerabilities in corporate networks and this trend is expected to increase as the trend towards hardening of the development of networks frameworks continues.

One reason for the popularity of the YesWeHack platform among ethical hackers can be attributed in part to the efficiency of the programs and the speed of payment. During 2020, for example, 55% of vulnerabilities were paid for less than one week after the report was submitted, furthermore. nearly 90% were paid within 28 days. It can be lucrative too - the biggest bonus paid to a YesWeHack hunter in 2020 was €10,000.

The time it takes to resolve vulnerabilities has also dropped significantly.T he average resolution time in 2020 was 44 days compared to 109 days in 2019. In addition, almost 70% of the vulnerabilities detected in 2020 by YesWeHack researchers were fixed within 28 days of acceptance. This increase can be attributed in part to the progressive integration of Bounty Bug within the software development lifecycle.

Ethical Hackers will play a central role in 2021 as many user organisation's understanding of the strategy has improved. An increasing number of them are finding the confidence to put crowd-sourced security into the mix  as a key component of their cyber security strategy.  

The attack surface is also likely to broaden as remote working and longer supply chains increase the number of vulnerable endpoints. Organizations cannot guarantee the security of their growing volume of third-party interactions, such as with logistics, customers, suppliers, service providers, and finance. “These interactions rapidly increase a company's attack surface and complicate the security of their digital footprint. Left unchecked, these new exposures can quickly become the target of future cyber-attacks.” commented Romain Lecoeuvre, CTO of YesWeHack.
 
As digital transformation quickly spreads across private and public sector organisations, it seems likely that ethical hackers will have a vital   role to play, with a significant adoption of the services that  firms like YesWeHack, Bugcrowd, HackerOne and others can offer in terms of speed, expertise and risk reduction. 
 

ZScaler:        Crowd Sourcing Week:       Bugcrowd:          YesWeHack:          HackerOne

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

 

« Amazon Phishing Emails
Webinar: Architect a security-driven networking strategy in the AWS Cloud »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Cloudsmith

Cloudsmith

Cloudsmith is the only cloud-native, global, universal artifact management platform for securely developing and distributing software.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.